EMG's  software  plan  The  storage  giant  plans  to  fit 

$3.6  billion  worth  of  software  company  acquisitions  into  its  fold.  PAGE  10. 


Lack  of  retention  Bank  of  America  and  others  are 

paying  the  price  for  poor  record  keeping  of  e-mails.  PAGE  12. 
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Linksys  announces  a 
new  line  of  802.1 1g 
gear  that  significantly 
boosts  WLAN 
speeds.  Page  41. 


JOHN  HERSEY 


Cost,  coverage  and  capacity  are  the  three 
variables  when  figuring  out  which  wireless 
LAN  technology  is  right  for  your  network. 

In  thisTechnology  Insider,  we  lay  out  the 
case  for  802.11a,  for  802.1 1  b/g  and  for  a 
multi-mode  approach.  Page  57. 

WiMax  and  ZigBee:  Put  these  two 
up-and-coming  wireless  technologies  on 
your  radar  screen. They  have  the  potential 
to  extend  wireless  connectivity  out  to 
mobile  users  and  into  wireless  mesh 
networks.  Page  60. 

Best  of  the  Wireless  Wizards: 

Our  wireless  gurus  answer  yourWi-Fi 
questions.  Page  62. 

Clear  Choice  Test:  Newbury  Networks' 
Watchdog  provides  an  electronic  fence  to 
stop  outsiders  from  sniffing  your  network. 

Page  64. 

Online:  Find  an  updated  Buyer's 
Guide  of  wireless  products  at 
www.nwfusion.com,  DocFinder:  1130. 
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JAVA  ENTERPRISE  SYSTEM 
i  OUT  MORE  INSIDE,  OR  AT: 

rOM/JES 


The  Network  is  the  Computer' 


Microsoft  readies 
pitch  on  patches 


■  BY  JOHN  FONTANA 

Microsoft  customers  this  week 
are  hoping  to  finally  evaluate  the 
company’s  new  patch  manage¬ 
ment  tools  and  hear  more  about 
the  wide-ranging  systems  man¬ 
agement  platform  in  which  those 
tools  will  be  a  key  component. 

At  the  company’s  annual  Man¬ 
agement  Summit,  Microsoft  is  ex¬ 
pected  to  unveil  the  first  beta  of 
Software  Update  Services  (SUS) 
2.0,  a  free  Windows  server  add¬ 
on  that  runs  behind  a  firewall 
and  automates  the  acquisition 
and  deployment  of  patches.  SUS 
2.0,  which  eventually  will  be 
built  into  Windows,  is  just  one  of 
the  new  tools  Microsoft  is  devel¬ 
oping  for  its  much  maligned 
patch  infrastructure. 

Over  the  past  few  years,  an  on¬ 
slaught  of  worms  and  viruses  has 
shown  that  Microsoft’s  patching 


tools  are  not  up  to  snuff. 

The  next  generation  of  tools  are 
just  a  small  portion  of  Microsoft’s 
Dynamic  Systems  Initiative  (DSI), 


which  is  focused  on  creating  a 
self-managing  environment  built 
around  applications  that  can 

See  Microsoft,  page  16 


■ix  uie  pencil  upudie  system 

We  call  on  vendors  to  simplify  the  process. 

■  BY  RODNEY  THAYER,  NETWORK  WORLD  LAB  ALLIANCE 

After  last  summer’s  Blaster  outbreak  —  which  would  have  been 
much  shorter-lived  if  users  patched  more  Windows  machines  — 
there’s  been  considerable  debate  about  why  users  are  slow  to 
apply  necessary  security  patches. 

One  reason  is  the  time  and  effort  required  to  determine  which 
machines  need  patches,  test  those  patches  and  roll  them  out  across  the 
network.  Microsoft  is  developing  new  tools  that  might  help  automate 
these  processes  (see  story, above), but  there  are  also  more  elementary 
reasons  why  Johnny  can’t  —  or  doesn’t  —  patch. 

One  is  that  vendors  aren’t  providing  clear-cut  information  about 

See  Patch,  page  10 


IT  workers  and  caffeine:  A  high-octane  affair 

■  BY  CARA  GARRETSON 


Sometimes  coffee, soda  and  ginseng  candy  just  don’t  give 
Ben  Robinson  the  boost  he  needs. That’s  when  he  turns  to 
the  heavy  stuff:  caffeinated  soap. 

“It  wakes  you  up  right  away,  before  coffee  could  be  kicking  in,” 
says  Robinson,  a  business  and  technology  student  at  the  University  of 
Guelph  in  Ontario. 

“I  already  knew  that  a  lot  of  chlorine  gets  absorbed  into  your 
skin  when  you  take  a  shower,  so  it  seemed  reasonable  to  me 
that  you’d  absorb  a  significant  amount  of  caffeine  if  you 
took  a  long  shower  and  lathered  up  well,”  he  says. 

See  Caffeine,  page  84 
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Your  potential.  Our  passion. 


®>  TOYOTA 


name 

Ms.  25%  Lower  TCO  on 

Dealer  Infrastructure 
Management 


"Ten  percent  of  my  IT  group  used  to  be  dedicated 
just  to  monitoring  our  systems.  Now  they're 
dedicated  to  providing  new  services  to  dealers" 

Mylene  Mayers 

Technology  Manager,  Toyota  Motor  Sales  USA 


Make  a  name  for  yourself  with  Windows  Server  System. 

Microsoft  Windows  Server  System  makes  Toyota 
Motor  Sales  USA's  infrastructure  easier  to  manage. 
Here's  how:  using  Microsoft  Operations  Manager 
and  Windows  Server,  Toyota  has  reduced  the 
number  of  IT  staff  required  to  manage  its  dealer 
servers  from  seven  to  one,  allowing  the  other  six 
staff  members  to  be  redeployed  to  more  strategic 
work.  It's  software  that  helps  you  do  more  with 
less.  Get  the  full  Toyota  story  and  a  hands-on 
management  tool  at  microsoft.com/wssystem 


Windows 


Server  System 


Windows  Server  System™  includes  these  products: 


Server  OS 

Windows  Server™ 

Operations  Infrastructure 

Systems  Management  Server 

Application  Center 

Operations  Manager 

Internet  Security  &  Acceleration  Server 

Windows*1  Storage  Server 

Application  Infrastructure 

SOL  Server™ 

BizTalk*  Server 

Commerce  Server 

Content  Management  Server 

• 

Host  Integration  Server 

Information  Work  Infrastructure 

Exchange  Server 

Office  SharePoint™  Portal  Server 

Office  Live  Communications  Server 

microsystems 

The  Network  is  the  Computer 


Java  Enterprise  System 


Everything  you  need  to  run  your  business.  Email,  instant  messaging,  calendar,  application  server, 
portals,  network  identity,  clustering,  web  server,  security,  enterprise  messaging,  interoperability,  web 
service  delivery,  directory,  firewalls,  streaming  video,  grid  computing  and  more  -  all  for  a  single 
price  of  $  100/employee/year,1  with  an  unlimited  right  to  use.  All-inclusive,  no  hidden  costs.  Software, 
service  and  support  included.  Our  bet  is  that  you  never  spend  too  much  on  IT  again. 

Purchase  a  subscription  to  the  Java  Enterprise  Developer  Promotion  and  get  a  free  Sun  Fire“  V20z 
AMD  Opteron-based  server  today.2 


THE  BLUEPRINT  IN  THE  BACKGROUND  DEMONSTRATES  THE  WORID-CLA: 

-ANO'ARCHrsCTURE'.OETHE  SUN  JAVA  ENTERPRISE  SYSTEM.  TODAY.  5C  C 
•IAVA  EKTERPR!SE:SYS3EiY;  to  deliver  network  services  to  OVER  11C 
AN^ItmNS.Ofi^EiR  CUSTOMERS  WHILE  SLASHING  IT  COSTS. 
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SOFTWARE  INFRASTRUCTURE 
JtitNffeRPRISE*  EMPLOYEES 


FIND  OUT  HOW  MUCH  YOU  CAN 
SSpAND  HOW  MUCH  YOU  CAN  SAVE  AT 

SUN.COM/JES 

'•!?  AAjVji.-i  •  V.  '  i  .  . 


«iC.'>;GjSUS.  llST  PBICt  ALL  PRICES  ARE  QUOTED  IN  US.  DOLLARS.  2  OFFER  VALID  IN  THE  U  S  AND  THROUGH  SUN  STORE  ONLY.  PROMOTION  VALID  THROUGH  JUNE  30.  2004.  FOR  A  LIMITED  TIME  ONLY  GET  THE  JAVA  ENTERPRISE  DEVELOPER  PROMOTION 
040JE  OF  OVERUS  $7000  FOR  ONLY  US  $1409  PER  YEAR  FOR  A  3-YEAR  SUBSCRIPTION.  SEE  WEBSITE  FOR  DETAILS 

a**  sun  Microsystems,  inc.  all  rights  reserved,  sun.  sun  microsystems,  the  sun  logo,  java  the  java  logo,  sun  fire  and  the  network  is  the  computer  are  trademarks  or  registered  trademarks  of  sun  microsystems  inc  in 
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News 


NetworkWoria 


■  8  Financial  institutions  face  rising  threat  in  ’Net  attacks. 

■  8  NetScreen  upgrades  IDP  software. 

■  10  IBM  Dicks  up  supply-chain  partner. 

■  10  EMC  dives  into  information  life-cycle  management. 

■  12  Extreme  Networks  unites  wired,  wireless  networks. 

■  12  Vendors  tackle  electronic  records  retention. 

■  14  AT&T  teams  with  Grand  Central  to  offer  Web  services. 

■  14  Mercury,  NetlQ  expand  apps  management  lines. 

■  82  Foundry  offers  10G  switch  for  wiring. 

■  84  ISPs  slap  suits  on  alleged  spammers. 

■  84  HP  to  snap  up  user  management  firm. 


Infrastructure 

■  17  Net6  offers  twist  on  remote 
access. 

■  17  Cisco  raises  security  profile. 

■  20  Symbol  CEO:  Challenges 
ahead. 

■  20  HP  blade  server  gets  dense. 

■  22  Dell.  VMware  boost  server 
wares. 

■  22  Kevin  Tolly:  WAN  router 
redux. 

Enterprise 

Applications 

■  25  IronPort.  Proofpoint 
appliances  target  spam. 

■  25  Web  services  project  protects 
healthcare  provider. 

■  28  Flash:  More  than  just  glitzy 
Web  sites. 

■  31  Scott  Bradner:  The 

butterfly  as  protector  (or  petty 
censor?). 

■  32  Special  Focus:  Open 
source  database  improvements  grow. 

Service  Providers 

■  37  IPass  soreads  its  Wi-Fi 
wings. 

■  37  Hughes  pushes  satellite 
broadband  standard. 

■  38  Johna  Till  Johnson: 

Fear  not:  The  telecom  industry  will 
bloom  yet  again. 

Net.Worker 

■  41  Linksys  increases  WLAN 
speeds  within  802.11  standard 


Technology 

Update 

■  47  Fibre  Channel  doubles 
speeds  of  SANs. 

■  47  Steve  Blass:  Ask  Dr. 

Internet. 

■  50  Mark  Gibbs:  Cascading 
Style  Sheets  (5)  rollovers! 

■  50  Keith  Shaw:  Cool  tools, 
gizmos  and  other  neat  stuff. 

Opinions 

■  52  Editorial:  Adding  data 
center  capacity  block  by  block. 

■  53  Ken  Presti:  Wrangling 
over  services  revenue. 

■  53  Thomas  Nolle:  A  new 

dimension  to  an  old  rivalry. 

■  54  Letters:  Readers  speak 
out  on  spam. 

■  86  BackSpin:  Hooked  on  the 
lowest  bidder. 

■  86  'Net  Buzz:  Hey.  they  stole 
the  whole  site. 

■  76  Career  classifieds. 

Management 

Strategies 

■  69  Encryption  restrictions: 
Regulations  regarding  the  import 
and  export  of  encryption  products 
affect  buying  decisions  worldwide. 


Technology  Insider  WLAN  planner:  Deploying  a  wireless  LAN  requires  making  tough 
technology  choices.  Should  you  go  with  an  802.11a  network  or  an  802.11b/g  network?  Or  a  multi-mode  net¬ 
work?  In  this  Technology  Insider  we  lay  out  the  case  for  each  option.  Page  57. 

WiMax  and  ZigBee:  Two  new  technologies  on  the  horizon  promise  to  extend  wireless  connectivity 
out  to  mobile  users  and  into  wireless  mesh  LANs.  Page#60^-< - - 

agk 

Best  of  the  Wireless  Wizards:  Our  Wi-Fi  gurus  answer  your  toughest  questions. 

Page  62. 

Clear  Choice  Test:  Newbury  Networks'  Watchdog  provides  an  invisible  fence  to  keep  out  intruders. 

Page  64. 

Online:  Wireless  gear  Buyer's  Guide  at  www.nwfusion.com.  DocFinder:  1 1 30. 

NetuvorkWorldfiision _ 

www.nwfusion.com 


Exclusive 

Case  studies:  Network  management 

Come  online  for  the  first  in  an  exclusive  series  of  stories  spotlighting 
enterprise  network  managers'  innovative  use  of  management  products 
to  automate  processes,  prevent  outages  and  save  money. 

DocFinder:  1143 

When  bloggers  sleep 

In  Layer  8,  we  pondered  the  case  of  a  well-known  blogger  who  says 
he  follows  1.348  other  blogs  and  wondered  when  he  finds  the  time  to 
sleep.  He  finds  the  time  to  let  us  know.  DocFinder:  1144 

Interactive 

Time  to  regulate  Windows? 

Columnist  Mark  Gibbs  Dosed  the  question  last  week.  See  how  Fusion 
users  resDond  —  and  add  your  comments. 

DocFinder:  1145 

Seminars  and  events 

Messaging:  From  chaos  to  control 

Messaging  is  in  crisis.  Ever-escalating  e-mail  assaults  now  threaten 
core  competencies  of  even  the  most  soDhisticatcd  corporations.  It's 
time  for  better,  more  aggressive  answers  that  again  make  messaging 
a  corporate-safe  application.  Industry  expert  and  Network  World 
Columnist  Mark  Gibbs  will  Dresent  the  latest  demos  and  new  tools. 
DocFinder:  9876 


Columnists 

Wireless  Wizards 

Combatting  WLAN  interference 
The  Wizards  help  out  a  user  who  needs  to  cut  down  on  the 
amount  of  interference  his  wireless  net  is  getting  from 
outside  sources,  DocFinder:  1146 

Help  Desk 

Curbing  P2P  apps 

Columnist  Ron  Nutter  discusses  ways  to  block  or  limit  the 
bandwidth  that  file-sharing  applications  use. 

DocFinder:  1147 

Telework  Beat 

GSA's  telework  uDdate 

Net.Worker  Managing  Editor  Toni  Kistner  interviews  the  head 
of  the  General  Services  Administration's  telework  efforts  to 
see  where  the  government  stands  on  teleworking. 

DocFinder:  1148 

Small  Business  Tech 

Fighting  spam  the  Wright  way 

Columnist  James  Gaskin  talks  to  Roger  Wright,  a  systems 

administrator  at  a  Florida  bank,  on  how  he  is  fighting  spam. 

DocFinder:  1149 

Breaking  News 

Go  online  for  breaking  news  every  day.  DocFinder.  6342 


■  CONTACT  US  Network  World,  118Turnpike  Road,  Southborough, 
MA  01772;  Phone:  (508)  460-3333;  Fax:  (508)  490-6438; 

E-mail:  nwnews@nww.com;  STAFF:  See  the  masthead  on  page  14 
for  more  contact  information.  REPRINTS:  (717)  399-1900 

SUBSCRIPTIONS/CHANGE  OF  ADDRESS:  Phone:  (508)  490-6444; 
Fax:  (508)  490-6400;  E-mail:  nwcirc@nww.com; 

URL:  www.subscribenw.com 


Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  tooics. 

DocFinder:  6343 


What  is  DocFinder? 

We've  made  it  easy  to  access  articles  and 
resources  online.  Simply  enter  the  four-digit 
DocFinder  number  in  the  search  box  on  the 
home  page,  and  you’ll  jump  directly  to  the 
requested  information. 


The  tiny  SanDisk  T-Flash  card 
can  be  removed  from  cell 
phones  and  upgraded.  Page  50. 
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Microsoft  greased  skids  for  SCO 

M  Microsoft  executives  introduced  The  SCO  Group  to  an  invest¬ 
ment  fund  that  provided  the  company  with  a  $50  million  invest¬ 
ment  last  October,  a  spokesman  for  the  fund  confirmed  last  week. 
Microsoft  executives  talking  to  BayStar  Capital  suggested  the 
investor  should  look  into  SCO  as  an  investment  opportunity  said 
Bob  McGrath,  a  BayStar  spokesman.  “BayStar  was  introduced  to 
SCO  by  executives  at  Microsoft,”  McGrath  said. “We  talk  to  individu¬ 
als  all  the  time  about  investment.”  SCO  says  the  Linux  operating  sys¬ 
tem  contains  code  that  violates  its  intellectual  property  rights,  and 
it  has  launched  lawsuits  against  IBM  and  Novell  in  connection  with 
those  claims.  Microsoft,  whose  Windows  operating  system  monop¬ 
oly  is  threatened  by  Linux,  has  paid  SCO  in  the  past.  A  2003  Unix 
licensing  deal  between  the  two  companies  earned  SCO  $16.6  mil¬ 
lion  last  year,  according  to  Securities  and  Exchange  Commission  fil- 
ings.The  software  giant’s  role  in  the  BayStar  financing,  however,  had 
been  unknown  until  recently 

Wireless  top-level  domain  proposed 

■  Nine  leading  network  vendors  have  proposed  a  new  registry  that  would  sell  domain 
names  for  wireless  devices.This  proposal  is  one  of  several  new  domain  name  extensions 
that  the  Internet  Corporation  for  Assigned  Names  and  Numbers  is  expected  to  receive  by 
March  16,  the  deadline  for  submitting  proposals  for  new  specialized  top-level  domains. 
Nokia,  Microsoft  and  Vodafone  lead  the  wireless  industry  group,  and  it  has  the  backing 
of  HPSamsung,Sun  and  others.The  group  hopes  to  create  a  top-level  domain  that  would 
be  available  only  to  companies  that  offer  Web  pages  or  other  Internet  services  designed 
for  use  with  wireless  devices.  For  several  years,  Nokia  has  been  pushing  the  idea  of  a  ded¬ 
icated  top-level  domain  for  the  wireless  industry  In  2000,  Nokia  submitted  a  proposal  to 
ICANN  for  a  new  top-level  domain  and  offered  eight  possible  extensions,  including 
.mobile  and  .mobi.  ICANN  rejected  Nokia’s  original  proposal, saying  that  it  lacked  a  strong 
marketing  plan. 

Palmisano's  pay  pegged  at  almost  $7M 

S  Sam  Palmisano  was  paid  a  $5.4  million  bonus  for  leading  IBM  in  2003,  making  his  total 
compensation  for  the  year  $6.95  million,  the  company  said  in  a  regulatory  filing  last  week. 
IBM’s  chairman  and  CEO  was  awarded  the  compensation  for  navigating  the  company 
through  “several  challenges”  and  increasing  its  share  in  the  server  and  small  and  midsize 
business  markets,  according  to  documents  filed  with  the  Securities  and  Exchange 
Commission.  Palmisano’s  2003  pay  was  more  than  $1  million  greater  than  what  he  earned 
in  2002,  when  he  was  awarded  a  salary  of  $1.43  million  and  a  bonus  of  $4.5  million. 


O  M  P  E  N  D  1  U  M 

The  real  support-forum  losers 

Sure,  newbies  can  ask  dumb  questions  sometimes,  but  why  do  some  people  seem  to 
delight  in  hanging  out  in  support  forums  to  insult  them?  Did  they  pull  the  wings  off 

flies  as  kids?  Discuss  at  www.nwfusion.com,  DocFinder:  1134. 


www.nwfusion.com  j 


Good  Bad  Ugly 


In  the  money.  The  telecom  market  has  taken  more  than  its  fair  share 
of  lumps  in  recent  years,  but  the  last  few  weeks  have  been  rather  kind  to  it  in  terms 
of  new  funding.  A  sampling:  Optical  network  equipment  maker  Xtera  scored  $30 
million,  broadband  wireless  box  vendor  Aperto  garnered  $20  million,  and  security 
services  device  supplier  Quarry  Technologies  added  $18  million  to  its  coffers. 

What  a  Waste.  What’s  the  environmental  impact  of  a  little  old  PC?  According 
to  a  United  Nations  University  study  issued  last  week,  about  1.8  tons  of  raw  material 
(including  water,  fossil  fuel  and  chemicals)  are  required  to  manufacture  the  average 
desktop  PC  and  monitor.  One  of  the  study’s  conclusions:  Users  and  vendors  can 
do  more  to  save  energy  by  extending  the  lives  of  PCs  than  by  recycling  them. 


Spam  suit  nails 
Bob  Vila  site. 

Home  improvement  Web 
site  BobVila.com  might 
need  a  little  fixing  up  in 
light  of  a  lawsuit  filed 
earlier  this 
month  alleging 
the  operator  and 
promoter  of  the 
site  are  guilty  of 
violating  the  federal 
CAN-SPAM  Act.  ISP 
Hypertouch  says  the 
site  sent  unsolicited  e- 
mail  promoting  a 
newsletter  —  a  charge 
that  the  site's  marketing 
company  denies.  >- 


Intel  balks  at  Chinese  WLAN  rule 

■  Intel  last  week  said  it  won’t  meet  the  June  1  deadline  that  China  has  imposed  to  require 
all  wireless  LAN  equipment  with  encryption  that’s  sold  in  China  to  make  use  of  a  Chinese 
government-developed  encryption  standard  known  as  WAPI.WAPI  (see  related  story,  page 
69)  is  a  secret  encryption  scheme  developed  by  the  Chinese  government  that  will  only  be 
made  available  to  a  handpicked  number  of  Chinese  manufacturers  for  license  to  other 
companies.  The  Chinese  government’s  approach  to  WAPI  and  WLANs  has  rankled  U.S. 
manufacturers,  who  would  be  forced  into  close  co-production  relationships  with  Chinese 
competitors.  Intel  said  its  decision  not  to  support  WAPI  in  its  products  by  the  June  1  dead¬ 
line  means  it  could  be  forced  to  stop  selling  some  computer  chips  in  China. 


Nortel  to  delay  2003  financials 

■  Nortel  last  week  said  it  would  delay  filing  its  2003  annual  report  with  the  Securities  and 
Exchange  Commission  as  it  continues  an  internal  review  begun  in  October.  Nortel’s  audit 
is  currently  re-examining  the  “establishment,  timing  of,  support  for  and  release  to  income” 
of  certain  accruals  and  provisions  in  prior  periods.  The  company  said  it  believes  it  will 
need  to  revise  its  previously  announced  unaudited  results  for  the  full  year  and  results  in 
some  of  its  quarterly  reports  for  2003.The  company  also  said  it  would  restate  its  previous¬ 
ly  filed  financial  results  for  one  or  more  earlier  periods. 


Study  puts  privacy  costs  in  millions 

■  A  study  from  Ponemon  Institute,  a  Tucson,  Ariz.,  think  tank  that  focuses  on  how  busi¬ 
nesses  establish  privacy  policies  and  execute  them,  last  week  released  the  results  of  a  sur¬ 
vey  with  44  U.S.-based  multi-national  companies. “The  Cost  of  Privacy  Study’ underwritten 
by  IBM,  shows  that  companies  spend  between  $500,000  and  $22  million  each  year  on 
their  privacy  initiatives,  with  an  average  of  about  $5  million.  According  to  the  report,  tech¬ 
nology  companies  incur  the  highest  privacy  costs,  and  transportation  and  hospitality  the 
least.The  report  states  that  direct  and  indirect  spending  by  these  large  corporations  over 
the  next  year  will  total  about  $2.7  billion. 
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rattier  Web  threats  hit  finance  firms 


9  BY  ELLEN  MESSMER 

The  last  six  months  of  2003  saw 
a  fivefold  increase  in  worms  and 
other  types  of  malicious  code 
that  attempt  to  steal  personal 
data  from  Internet  users,  accord¬ 
ing  to  Symantec’s  semiannual  In¬ 
ternet  Security  Threat  Report. 

Companies  that  process  online 
financial  transactions  —  banks, 
brokerages  and  eBay  with  its 
PayPal  payment  service  —  are 
targets  of  these  attacks  more 
than  any  other  type  of  industry, 
the  report  notes. 

The  top  troublemaker,  a  worm- 
Trojan-back-door  threat  named 
Bugbear. B,  “would  steal  anything 
from  anybody  says  Alfred  Huger, 
senior  director  of  engineering  at 
Symantec  Security  Response. 
Bugbear.  B  specifically  looks  to 
see  if  a  host  computer  has  infor¬ 
mation  about  financial  data  or  if 
there’s  a  bank  domain  name. 

“Bugbear.B  can  also  deliver 
logged  keystrokes  to  a  third  party 
compromising  important  infor¬ 
mation  such  as  passwords  and 
decryption  keys,”  the  report  says. 
“The  creator  of  this  threat  appears 
to  have  targeted  financial  institu¬ 
tions  in  an  attempt  to  export 
financial  data  or  gain  future  ac¬ 
cess  to  accounts.” 

The  Symantec  report  compiles 
a  range  of  data  about  computer 
viruses  and  software  vulnerabili¬ 
ties,  and  the  number  of  attacks 
recorded  by  20,000  multi-vendor 
sensors  that  are  maintained  by 
companies  all  over  the  world. 

In  the  first  half  of  last  year,  only 
one-sixth  of  these  companies  re¬ 
ported  a  serious  security  breach, 
but  from  July  through  December, 
half  reported  a  breach  from 
worm  attacks  such  as  Blaster,  the 
report  says. 

Financial  institutions  agree  that 
they  are  under  siege  on  the 
Internet. 

Westpac  Banking  of  Australia 
last  week  was  hit  by  a  so-called 
phishing  scam  that  used  fake 
e-mail  that  seemed  come  from 
Westpac  to  trick  customers  into 
giving  the  attacker  passwords  to 
bank  accounts.  In  most  phishing 
scams,  the  attacker  sets  up  a  fake 
Web  site  with  a  home  page  that 
mimics  the  victim’s  home  page. 

In  last  week’s  scam  against 
Westpac,  the  attacker  carried  out 
the  plan  through  a  re-direction 
scheme  that  involved  opening  a 
fake  version  of  the  Westpac  Web 
site  and  opening  the  real 
Westpac  Web  site  in  a  second 


browser  window. 

“They  linked  to  a  genuine  Web 
site,  ours,  except  for  the  crucial 
part  where  you  put  in  a  pass¬ 
word,”  says  Paul  Gregory,  a  West¬ 
pac  spokesman.  About  a  half- 
dozen  Westpac  customers  fell 
victim  to  the  scam  before 
Westpac  discovered  it,  he  says, 
adding  this  wasn’t  the  first  phish¬ 
ing  scam  to  hit  Westpac  or  other 
Australian  banks. 

“It’s  pretty  common,”  he  said. 

In  fact,  there  has  been  a  steady 
rise  in  bank-targeted  phishing 
scams,  with  Citibank,  eBay’s  Pay¬ 
Pal  service,  Wachovia,  Bank  of 
America,  Wells  Fargo  and  several 
others  advising  of  problems  in 
public  announcements.  Citi¬ 
bank’s  Web  site  has  warned  its 
customers  of  18  phishing  scams 
since  December,  with  details 
about  the  fake  e-mail  and  Web 
site  links  of  each  one. Some  secu¬ 
rity  consultants  say  the  latest 
scam  against  Westpac  stands  out 
as  particularly  devious. 

“These  people  were  forcing  you 
to  a  valid  Web  site,”  says  Mike 
Hrabik,  CTO  at  Solutionary,  a 
managed  security  services  firm  in 
Omaha,  Neb.  One  way  this  can  be 
done  is  through  various  tech¬ 
niques  that  fall  under  an  attack 
called  cross-site  scripting.  Most  of 
them  involve  the  attacker  crafting 
a  link  with  cookie-stealing  code 
to  interact  with  the  victim’s 
browsing  session. 

In  spite  of  the  growing  problem, 
few  security  vendors  have  anti¬ 
phishing  products,  though  some 
application  firewalls,  such  as 
those  from  Teros  and  Sanctum, 
purportedly  block  cross-site 
scripting.  Use  of  authentication 
methods  stronger  than  simple 
passwords,  such  as  public-key 
infrastructure  (PKI)  certificates  or 
handheld  tokens  that  generate 
one-time  passwords,  would  make 
phishing  much  harder. 

Few  financial  firms  or  e-com- 
merce  companies  (Bank  of 
Nova  Scotia  is  one  exception) 
make  this  kind  of  technology 
available  to  their  mass-market 
customers.  But  some  require  PKI 
certificates  and  dynamic  pass¬ 
words  in  high-dollar  investment 
and  trading  arrangements.  West¬ 
pac  says  it  is  aware  of  these  alter¬ 
natives  but  is  evaluating  the  eco¬ 
nomic  cost  of  them. 

Hrabik  says  companies  should 
continually  “sweep  the  Internet” 
to  look  for  fake  Web  sites.  He  said 
it’s  often  just  a  matter  of  doing 
extensive  Web  searches.  ■ 


Top  10  attacks 

As  reported  to  Symantec  from  July  to  December  2003. 
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NetScreen  update  expands 
reach  of  intrusion  detection 


■  BY  TIM  GREENE 

NetScreen  Technologies  is  upgrading  its  intrusion- 
detection  software  so  it  also  gathers  and  parses  data 
about  network  traffic  to  reduce  false  intrusion 
alarms  and  pin  down  sources  of  network  attacks. 

The  upgrade,  called  Enterprise  Security  Profiler 
(ESP),  is  part  of  a  new  release  of  the  software  that 
runs  on  NetScreen’s  Intrusion  Detection  and  Pre¬ 
vention  hardware,  called  IDP  Version  3.0. 


NetScreen’s  new  IDP  1000  hardware  supports  software  to 
reduce  false  intrusion  alarms. 

NetScreen  IDP  devices  are  placed  between  net¬ 
works  and  key  assets,  typically  servers,  to  shield 
them  from  intrusions.  The  addition  of  traffic  gather¬ 
ing  and  analysis  will  help  the  gear  determine 
whether  suspicious  traffic  is  threatening  or  legiti¬ 
mate  for  any  given  network,  says  Charles  Kolodgy  an 
analyst  with  IDC. 

For  instance,  a  burst  of  requests  to  a  server  from 
one  IP  address  might  be  normal  in  a  given  network, 
but  an  intrusion-prevention  device  could  interpret  it 
as  a  denial-of-service  (DoS)  attack  and  shut  it  down. 
“False  positives  are  the  bane  of  intrusion  preven¬ 
tion,”  Kolodgy  says.“You  don’t  want  to  have  your  pre¬ 
vention  system  taking  down  legitimate  activity?’ 

NetScreen  IDP  boxes  can  only  see  traffic  that  flows 
through  them  on  the  way  to  key  network  resources, 
so  they  have  blind  spots  in  their  view  of  overall  net¬ 
work  traffic,  NetScreen  acknowledges.  This  means 
malicious  traffic  not  passing  through  would  go  unde¬ 
tected, so  customers  should  take  supplemental  steps 


if  they  want  full  network  coverage. 

ESP  parallels  the  efforts  of  Sourcefire,  whose  RNA 
product  also  gathers  network  traffic  information  for 
administrators  to  analyze.  Sou  reef  ire’s  goal  is  for  data 
that  RNA  collects  to  be  shared  directly  with  intru¬ 
sion-detection  and  -prevention  platforms,  Kolodgy 
says.  By  contrast,  NetScreen  is  for  the  first  time  rolling 
the  gathering  and  intrusion-prevention  features 
together  in  one  platform. 

The  data  ESP  gathers  includes  network  and  appli¬ 
cation  analysis.  So  it  would  track  traffic  by 
source  IP  address  but  also  by  application  ses¬ 
sion  initiated  from  that  address. 

With  IDP  3.0,  users  are  alerted  to  all  threats  in 
a  compound  attack.  With  earlier  versions,  an 
attack  might  generate  only  a  DoS  alert,  even 
though  the  attack  also  included  an  attempt  to 
take  root  control  of  a  server.  With  Version  3.0,  all 
components  of  attacks  are  reported. 

NetScreen  has  teamed  with  TruSecure  to  pro¬ 
vide  its  Intellishield  Alert  Manager  software,  which 
supplies  information  that  identifies  machines  vul¬ 
nerable  to  the  attack  and  where  to  find  patches  to 
defend  against  them. 

ESP  data  tracking  and  storage  can  be  used  to 
log  and  analyze  normal  traffic  flows  on  a  net¬ 
work,  valuable  data  that  network  executives  often 
lack  the  tools  to  monitor,  NetScreen  says.  It  can 
send  alarms  when  new  servers  are  added  to  a 
network,  for  example,  to  track  potentially  rogue 
use  of  the  network.  It  also  can  monitor  the  net¬ 
work  to  make  sure  banned  applications  such  as 
Kazaa  trigger  alerts. 

NetScreen  also  is  announcing  a  new  IDP  hardware 
device  called  NetScreen  IDP  1000.  It  has  all  the  fea¬ 
tures  of  other  NetScreen  IDP  devices,  but  has  gigabit 
throughput,  making  it  the  fastest  of  the  four  IDP 
models.  It  costs  $50,000. 

IDP  3.0  is  available  as  a  free  upgrade  for  customers 
with  service  contracts.  ■ 


►  BY  NOON,  THE  IT  DEPARTMENT  WILL  BE 
ALERTED  TO  750  DIFFERENT  PROBLEMS. 


ONE  OF  THEM  WILL  LOSE  115 
ONLINE  RESERVATIONS  A  MINUTE. 


CAN  YOUR  SOFTWARE  TELL  YOU  WHICH  ONE? 


Business  Service  Management  solutions  from 
BMC  Software®  can.  They  automatically  prioritize 
IT  management  issues  according  to  business 
importance  and  alert  you  before  potential  problems 
can  impact  performance.  They  also  let  you  prioritize 
IT  investments  and  resource  allocations  to  optimize 
your  business  results.  So  you  can  solidly  align  your 
IT  investments  with  strategic  business  goals.  And 


protect  the  delivery  of  vital  business  services  like 
online  transactions,  sales,  customer  service,  logistics 
and  distribution — whatever  is  most  critical  to  your 
company's  success.  It's  enterprise  management 
software  that  works  with  your  existing  IT  resources 
to  let  you  manage  what  matters  from  a  business 
perspective  and  execute  with  precision.  Find  out 
how  at  www.bmc.com/bsm34 
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EiS  gets  ready  to  show  softer  side 


m BY  DENI  CONNOR 

What  could  drive  a  traditional 
hardware  company  like  EMC  to 
spend  roughly  $3.6  billion  on 
three  big  software  companies 
over  the  past  nine  months? 
Consider  an  IT  customer 
like  CareGroup 
Healthcare  Sys¬ 
tem  in  Boston. 

which  uses  EMC  systems  to  store 
data  on  9  million  patients  across 
six  hospital  sites. 

“Wed  like  to  put  everything  on 
the  highest-end  EMC  Symmetrix. 
but  frankly  we  can’t  afford  to  keep 
70T  bytes  on  that  particular  sys¬ 
tem,”  says  CareGroup’s  CIO  John 
Halamka,  referring  to  EMCs  flag¬ 
ship  array,  which  starts  at 
$400,000. 

To  more  cost-efficiently  distrib¬ 
ute  its  data,  CareGroup  has 
bought  into  the  concept  of  infor¬ 
mation  life-cycle  management 
(ILM), a  software-driven  approach 
to  organizing  and  storing  the  vast 
amounts  of  data  created  within 


companies  based  on  the  data’s 
value.  CareGroup  uses  Symmetrix 
for  “need  it  now”  data,  EMC’s 
Clariion  gear  for  less  frequently 
used  data  and  EMC’s  Centera  for 
data  that  must  be  kept  but  is  rarely 
accessed. 

EMC  has  also  bought  into  ILM 
and  in  a  big 

ANALYSIS  way  as  its  buy¬ 
outs  of  Legato 
Systems  for  $1.3  billion  in  July 
Documentum  for  $1.7  billion  in 
October  and  VMware  for  $635  mil¬ 
lion  in  December  illustrate. 

“These  acquisitions  were  cen¬ 
tral  to  EMCs  goal  of  being  known 
as  the  ultimate  life-cycle  manage 
ment  company  says  Howard 
Elias,  executive  vice  president  of 
corporate  marketing  and  new 
ventures  for  EMC. 

The  deals  also  let  EMC  shift 
more  of  its  revenue  to  high-profit- 
margin  software,  a  key  strategy  for 
the  company  given  the  tight 
squeeze  on  hardware  margins 
(see  related  story  page  82). 

EMC’s  challenge  this  year  is  to 


digest  its  acquisitions  from  a  prod¬ 
uct  and  a  business  standpoint. 

ILM  strategy 

From  EMC’s  perspective,  the 
basic  tenet  of  ILM  is  to  provide 
tools  and  services  companies 
need  to  maximize  the  value  of 
their  information  while  reducing 
costs  at  every'  point  along  the  way, 
Elias  says.  That  means  under¬ 
standing  every  piece  of  informa¬ 
tion  and  its  importance  within  a 
company  and  then  placing  it  on 
appropriate  storage,  rather  than 
simply  throwing  data  on  disk  dri¬ 
ves. 

Gaining  this  additional  intelli¬ 
gence  is  where  the  software 
acquisitions  come  in.  EMC  execu¬ 
tives  say 

David  Goulden.  executive  vice 
president  of  customer  solutions, 
marketing  and  new  business 
development  at  EMC,  cites  six  lev¬ 
els  of  ILM, starting  at  tiered  storage 
at  the  bottom  and  finishing  with 
integration  and  management  ser¬ 
vices  at  the  top. 


The  first  is  tiered  storage,  which 
makes  the  best  economical  and 
business  use  of  all  EMC’s  hard¬ 
ware  products:  the  high-end 
Symmetrix,  less-expensive 
Clariion  and  least-expensive 
Centera  storage  arrays. 

The  next  level  involves  protect¬ 
ing,  managing  and  migrating  data 
dynamically  Goulden  says. This  is 
where  Legato’s  software  comes  in 
for  EMC. 

Legato’s  NetWorker  data  protec¬ 
tion  and  recovery  software,  and 


NetWorker  FbwerSnap  and  Repli- 
Stor  enable  rapid  recover): 
Goulden  says.  EMC  plans  to  inte¬ 
grate  its  mainframe  protection 
product,  EMC  Data  Manager,  with 
NetWorker  longer  term. 

The  third  and  fourth  levels  of 
ILM  are  intertwined,  according  to 
Goulden.  They  are  the  ability  to 
implement  policies  that  can  clas¬ 
sify  data  and  applications  based 
on  business  rules;  followed  by  the 
ability  to  manage  structured 
See  EMC,  page  82 


IBM  buys  supply- 
chain  partner 


■  BY  ANN  BEDNARZ 

IBM  has  plans  to  expand  its 
portfolio  of  WebSphere  integra¬ 
tion  middleware  with  data  syn¬ 
chronization  software  from  Trigo 


Patch 

continued  from  page  1 


Security  update 
information  is  weak 
and  disjointed. 


when,  why  and  how  to  adopt 
security  updates.  Both  com¬ 
mercial  and  open  source  soft¬ 
ware  vendors  make  it  difficult 
to  track  what  security  updates 
apply  to  our  machines. 

When  Microsoft  announced 
numerous  security  updates  in 
October,  its  announcement 
was  unclear  at  best  and 
downright  confusing  at  worst. 

Microsoft’s  Web  site,  depend¬ 
ing  on  what  page  you  looked 
at,  gave  you  different  versions 
of  what  patches  were  avail¬ 
able.  Adding  to  the  confusion 
were  separate  and  irregularly 
cross-referenced  notices.  The 
Windows  summary  for  last 
October  covers  MS03-041 
through  MS03-045. There  is  no  mention  of  how 
to  find  announcements  about  other  Microsoft 
products,  and  therefore  it  totally  misses  the 
Exchange  announcements,  which  were 
labeled  MS03-046  and  MS03-047  (note  these 
are  labeled  from  the  same  naming  system, 
adding  further  to  the  confusion). 

There  is  no  single,  definitive  place  to  look  on 
the  Microsoft  Web  site  for  patch  information. 

Not  only  does  Microsoft  make  it  hard  to  find 
the  right  information,  but  the  information  can 
change  overnight.  Just  last  week,  when 
Redmond  rolled  out  its  security  patches  for 
the  month  of  March,  it  announced  three 
patches  for  various  products  on  Tuesday  and 
had  to  turn  around  and  revise  both  the  sever- 


Microsoft 

Secondary  Offenders: 
Apple,  Novell,  Red  Hat 


Create  a  single  point 
of  security  update 
information. 


Join  our  online  forum 
at  www.nwfusion.com, 
DocFinder:  1135. 


ity  rating  and  the  client 
update  package  less  than  24 
hours  later. 

This  patch  confusion  issue 
is  not  unique  to  Microsoft  or 
to  commercial  vendors  in 
general  for  that  matter. 

Open  source  projects  are 
not  exempt  from  this  charge; 
take  the  slew  of  OpenSSH 
updates  issued  last  fall,  for 
example.  The  OpenSSH  team 
released  three  updates  in  two 
days  (3.6. 1  pi ,  3.7. 1  p  1  and 
3.7.  Ip2)  before  they  finally  got 
one  of  the  known  vulnerabili¬ 
ties  corrected. 

You  can  subscribe  to  vendor 
announcement  services,  mon¬ 
itor  SANS  Web  sites  and  hang 
out  on  security  mailing  lists, 
but  these  are  not  reasonable 
ways  to  learn  about  security 
updates.  Why  should  we  have  to  rely  on  the 
kindness  of  strangers  to  learn  what  patches 
we  need  to  apply? 

The  challenge 

As  Dr. Tina  Bird,  computer  security  officer  at 
Stanford  University  has  suggested  in  her  SANS 
lectures,  users  should  have  a  standardized 
means  by  which  they  can  go  to  any  vendor’s 
Web  site  and  identify  any  security  updates 
that  are  issued. 

As  the  major  operating  system  vendors,  we 
throw  our  Tester’s  Challenge  gauntlet  at  the 
feet  of  Apple,  Microsoft,  Novell  and  Red  Hat. 
We  challenge  you  to  create  an  effective,  sim¬ 
plified  means  by  which  we  can  get  our  hands 


on  pertinent  patch  information  pertaining  to 
your  products. 

We’d  like  to  see  a  single  point  of  contact  — 
like  “abuse@”  or  postmaster@  —  so  software 
users  have  a  straightforward, easily  identifiable 
point  of  contact.  We  also  want  a  central  place 
to  run  to  on  your  Web  sites  —  such  as  www. 
companycom/security-updates  —  that  lists  all 
security  vulnerabilities  and  corresponding 
patches. 

In  this  challenge,  we’re  not  asking  for  these 
companies  to  fix  all  the  ills  of  the  patching 
dilemma  —  although  that  would  be  nice 
because  we’re  paying  good  money  for  these 
products  —  we  just  want  a  simple,  effective 
way  of  locating  the  patches. 

Network  professionals  responsible  for  main¬ 
taining  the  security  of  their  systems  need 
clear-cut  information  directly  from  the  horses’ 
mouths.They  need  to  know: 

•  How  to  learn  new  updates  are  available. 

•  How  to  retrieve  updates  (online  or  off). 

•  How  to  confirm  the  update  applies  to  their 
network. 

We  have  to  spend  enough  time  hunting 
down  security  issues  without  having  to  waste 
time  hunting  for  appropriate  security  updates. 

Given  the  resources  in  terms  of  money,  peo¬ 
ple  and  equipment  that  Microsoft  has,  it 
shouldn’t  be  this  difficult  to  distribute  its  secu¬ 
rity  updates  in  a  clear,  coherent  manner. 

We  re  prepared  to  print  your  800-word  reply 
letting  us  know  exactly  how  you  can  make 
that  happen.  For  the  security  handlers  at 
Apple.  Novell  and  Red  Hat  —  or  any  other 
vendor  that  has  a  plan  to  address  this  issue  — 
we  invite  you  to  chime  in  with  your  plans  to 
provide  better  update  information  in  our 
online  forum.  ■ 


Technologies. 

Big  Blue  last  week  announced 
plans  to  buy  its  partner  of  nearly 
three  years,  Trigo,  for  an  undis¬ 
closed  amount  in  a  stock  trans¬ 
action  slated  to  close  next  quar¬ 
ter.  Privately  held  Trigo’s  expertise 
is  in  streamlining  collaboration 
among  supply-chain  partners.  Its 
Product  Center  software  links 
product-related  information 
such  as  style,  size  and  color,  with 
transaction  terms  such  as  pric¬ 
ing,  and  then  publishes  this  infor¬ 
mation  to  internal  enterprise 
applications  and  external  busi¬ 
ness-partner  systems. 

The  majority  of  Trigo’s  success 
has  been  with  retail  and  con¬ 
sumer  packaged  goods  compa¬ 
nies,  which  struggle  to  keep  track 
of  hundreds  of  attributes,  for  thou¬ 
sands  of  products,  across  dozens 
of  applicatiorts.  Trigo  user  Albert¬ 
sons,  in  Boise,  Idaho,  depends  on 
Product  Center  to  manage  1  mil¬ 
lion  items,  from  about  5,000  sup¬ 
pliers,  for  its  2,300  grocery  and 
drug  stores, said  Tom  Reilly  CEO  of 
Trigo,  in  a  conference  call  detail¬ 
ing  the  IBM  buyout. 

The  pending  acquisition  high¬ 
lights  the  growing  importance  of 
data  integrity  in  business-to-busi- 
ness  transactions.  Administrative 
and  paperwork  errors  are  respon¬ 
sible  for  13%  of  the  $46  billion 
retailers  could  lose  annually  to 
inventory  inefficiencies  and  theft, 
according  to  research  from  Ernst 
&  Young 

The  Trigo  purchase  will  help 
round  out  IBM’s  own  data  inte¬ 
gration  offerings  and  provide 
ammunition  in  its  ongoing  effort 
to  assemble  industry-specific 
middleware  offerings.* 


COMPANIES  THAT  WERE 
JUST  IDEAS  YESTERDAY 
RUN  SAP 


What  if  you’re  onto  something  big,  but  aren’t  big  yet?  Start  with  SAP®  solutions  for  small  and  midsize  companies.  Solutions  designed  to  fit 
any  size  business  —  and  any  size  budget.  And  because  they’re  built  with  expansion  in  mind,  they  won’t  just  help  you  grow,  they  will  grow 
with  you.  Visit  sap.com/ideas  or  call  800  880  1727,  because  we  have  a  few  big  ideas  of  our  own. 
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Extreme  unites  wired,  wireless  nets 


B  BY  JOHN  COX 

Extreme  Networks  this  week  plans  to  roll 
out  a  blade  that  ties  wireless  LAN  access 
points  into  the  company’s  Alpine  3800 
wiring  closet  switches. 

The  32-port  module,  with  Power  over 
Ethernet  (FbE).  fits  into  Extreme’s  unified 
access  strategy,  which  involves  letting  the 
existing  network  infrastructure  support  a 
range  of  clients.  New  code,  added  to  the 
Alpines  management  module,  is  the  basis 
for  authenticating  wireless  users.and  secur¬ 
ing  and  managing  the  access  points. 

Also  new: 

•  Code  changes  so  the  switch  can  use  a 
device’s  media  access  control  address  to 
authenticate  with  RADIUS  servers. 

•  Use  of  Secure  Sockets  Layer  to  encrypt 
the  network  logon 

•  RF  Manager,  a  rebranded  third-party 
application  for  designing  and  managing 
the  WLAN  radio  environment:  modified  to 
work  with  the  Alpine  switch  and  Extreme’s 
EPICenter  network  management  system. 

Extreme  is  the  first  vendor  to  introduce 
this  WLAN  approach  in  wireline  switches, 
although  Cisco  and  Foundry  Networks 


have  said  they’ll  do  the  same.  By  contrast, 
WLAN  switches  from  companies  such  as 
Airespace  are  dedicated  boxes  that  create, 
in  effect,  a  WLAN  that’s  separate  from  the 
wired  infrastructure. 

Last  September.  Extreme  began  shipping 
the  Summit  300-48,  an  edge  switch  that 
could  handle  wireless  and  wired  applica¬ 
tions,  with  its  companion  thin  access  point, 
the  Altitude  300. 

The  software  developed  for  the  Summit 
has  been  incorporated  into  the  system  and 
management  software  for  the  Alpine.  The 
switch  powers  eight  of  the  32  10/100  Base- 
T  ports  in  the  new  WLAN  module.  A  sepa¬ 
rate  power  supply  unit  has  to  be  added  for 
the  remaining  24  ports 

The  San  Francisco  Museum  of  Modern 
Art  has  adopted  the  unified  access 
approach  through  its  use  of  Extreme’s  high- 
end  Black  Diamond  and  Summit  switches. 
The  museum  deployed  15  Summit  300 
switches  last  year  and  created  a  WLAN  cov¬ 
ering  the  public  areas  of  the  downtown  site 
with  20  Altitude  access  points. 

“Unified  access  is  the  way  wireless  inte¬ 
grates  into  your  switches,  with  the  wireless 
‘smarts’  built  into  the  switch,”  says  Leo 


Ballate.  IT  director  for  the  museum.  “You 
have  one  central  interface,  and  you  can 
manage  the  access  points,  the  [Summit] 
switches  and  the  Black  Diamond.” 

Using  Extreme’s  EPICenter  management 
system.  Ballates  seven-person  department 


can  administer  the  entire  network. 

The  new  Alpine  3800  802.3af  FbE  module 
is  expected  to  ship  next  month,  and  costs 
about  $3,000.  A  basic  version  of  the  RF 
Manager  software  costs  about  $5,000.  and 
the  advanced  version  nearly  $14,000.  ■ 


aishowdown 


Log  on  March  29  to  participate  in  an  online  debate  featuring  six  vendors. 

We’ve  challenged  Airespace, Aruba, Cisco,  Extreme,  Symbol  and  Trapeze  to  duke  it  out 
in  a  weeklong  online  debate,  discussing  everything  from  why  they  matter  to  technical 
product  differences.  On  March  29,  we’ll  post  the  first  round  of  vendor  answers  to  questions 
from  Network  World  Senior  Editor  John  Cox  and  Craig  Mathias,  principal  of  the  Farpoint 
Group.Tuesdav  and  Wednesday  the  vendors  will  get  the  chance  to  question  each  other, 
and  Thursday  and  Friday  we  throw  the  doors  open  for  questions  from  you.  So  log  on 
to  www.nwfusion.com  and  follow  what  is  shaping  up  to  be  a  lively  debate. 


Vendors  tackle  electronic  records  retention 


■  BY  ANN  BEDNARZ 

Bank  of  America’s  securities 
unit  last  week  agreed  to  pay  a 
record  $10  million  penalty  to  the 
Securities  and  Exchange  Com¬ 
mission  for  record-keeping  vio¬ 
lations  and  failing  to  produce 
documents  —  in  particular, 
e-mails  —  requested  as  part  of 
an  SEC  investigation. 

The  fine  is  the  largest  imposed 
for  a  violation  of  this  type,  the  SEC 
says.  But  it’s  not  the  first.  In  2002, 
five  Wall  Street  brokerages  each 
accepted  a  $1.65  million  fine  for 
improperly  storing  e-mails. 

Despite  a  string  of  corporate 
governance  scandals  related  to 
archiving  electronic  documents. 
U.S.  companies  still  aren’t  vigi¬ 
lant  about  handling  such  com¬ 
munications.  Many  have  no  poli¬ 
cies  in  place  for  retaining  and 
destroying  e-mail,  instant  mes¬ 
sages  and  other  electronic  con¬ 
tent,  according  to  a  pair  of  pro¬ 
fessional  organizations. 

The  Association  for  Information 
and  Image  Management  (AI1M) 
and  the  Association  of  Records 
Managers  and  Administrators 
(ARMA)  last  week  unveiled  the 
results  of  a  survey  of  2.200 
records  managers.  Among 
respondents,  47%  say  their  com¬ 
pany  doesn’t  include  electronic 


An  ongoing  job 

Keeping  electronic 
archives  accessible 
requires  migrating 
old  records  to  new 
storage  platforms  as 
technologies  age.  Yet, 

70% 

of  companies  do  not 
have  a  records 
migration  plan. 

SOURCE:  AIIA  AND  ARMA 


records  in  its  retention  and 
destruction  schedules,  and  59% 
don’t  have  a  formal  e-mail  reten¬ 
tion  policy 

While  certified  records  man¬ 
agers  typically  handle  paper  doc¬ 
uments,  the  job  of  overseeing 
electronic  records  falls  to  the  IT 
department,  according  to  71%  of 
the  survey’s  respondents. 

Eager  to  help  with  corporate 
record-keeping  practices  are  soft¬ 
ware  and  services  vendors  — 
many  of  which  unveiled  new 
wares  at  AIlM’s  enterprise  con- 
tent-management  conference 
held  last  week  in  New  York. 


Open  Text,  for  example,  an¬ 
nounced  plans  to  add  instant¬ 
messaging  capabilities  to  its  Live- 
link  collaboration  and  content 
management  software  suite.  The 
company’s  new  Livelink  Instant 
Messenger,  due  this  week,  pro¬ 
vides  tools  for  creating  secure, 
auditable  instant  messages.  It  sup¬ 
ports  common  IM  functions.such 
as  displaying  which  colleagues 
are  online  and  letting  users  per¬ 
sonalize  contact  lists.  Livelink  IM 
gives  users  the  option  of  retaining 
IM  content,  which  the  software 
then  indexes  to  allow  for  subse¬ 
quent  searches  and  retrieval. 

Meanwhile.  Iron  Mountain 
debuted  Enterprise  E-Mail  Man¬ 
agement,  adding  to  its  portfolio 
of  outsourced  records  and  infor¬ 
mation  management  services. 
The  new  service  adds  tools  to 
address  e-mail  compliance  re¬ 
quirements.  For  example,  users 
can  classify  mail  items  for  reten¬ 
tion  purposes,  the  vendor  says. 
Under  the  covers,  Legatos 
EmailXtender  technology  ana¬ 
lyzes,  captures  and  forwards  spe¬ 
cific  mail-server  content  to  Iron 
Mountain’s  Web-based  Digital 
Archive  service,  which  indexes 
and  stores  the  content. 

FileNet  unveiled  Web-based  soft¬ 
ware  that  combines  collabora¬ 
tion,  business  process-manage¬ 


ment  and  content  management 
capabilities.  Team  Collaboration 
Manager  provides  tools  for  run¬ 
ning  discussion  forums.  Web 
meetings  and  interactive  polls, 
and  it  captures  content  according 
to  corporate  practices  for  regula¬ 
tory  compliance.  The  software, 
which  is  scheduled  to  ship  in  the 
third  quarter,  is  integrated  with 
other  modules  in  FileNet’s  P8 
suite,  including  Web  Content 
Manager  for  publishing  content  to 
corporate  Web  sites,  and  Records 
Manager  for  managing  project 
content  in  accordance  with  cor¬ 
porate  governance  and  regulatory 
compliance  mandates. 

EMC  division  Documentum 
also  unveiled  compliance  prod¬ 
ucts  that  are  aimed  at  helping 
companies  address  regulatory 
and  business  requirements 
across  content  life  cycle. 

Documentum  launched  Com¬ 
pliance  Manager,  a  new  Web- 
based  application  that  lets  com¬ 
panies  create,  store,  share,  revise, 
approve  and  distribute  informa¬ 
tion  within  an  audited  environ¬ 
ment.  With  Compliance  Manager, 
companies  can  develop  and 
monitor  content-related  process¬ 
es  in  accordance  with  regulatory 
requirements  and  industry  stan¬ 
dards.  the  vendor  says.  For  exam¬ 
ple,  the  product  supports  compli¬ 


ance  with  the  Food  and  Drug 
Administration's  requirements  for 
electronic  records  and  signa¬ 
tures.  as  well  as  SEC  and 
Environmental  Protection 
Agency  regulations 
Also  Adobe  Systems  previewed 
new  forms-processing  technology 
that  can  handle  electronic  and 
paper  form  submissions.  The  key 
to  the  new  technology  —  which  is 
part  of  Adobe’s  Intelligent  Docu¬ 
ment  Platform  —  is  a  bar  code 
that  Adobe  says  can  eliminate  the 
need  for  manual  data  entry  It's 
designed  for  companies  that  deal 
with  a  high  volume  of  paper 
forms  such  as  tax  returns,  account 
applications  and  change-of- 
address  requests.  Adobe  says 
With  the  new  tools,  a  company 
can  create  a  bar-code-enabled 
Adobe  PDF  form  to  be  distrib¬ 
uted  via  the  Web.  e-mail  or  CD- 
ROM.  As  the  customer  fills  in  the 
form,  the  bar  code  captures  data 
being  input.  Even  if  the  customer 
opts  to  print  the  form  and  then 
mail  or  fax  it  back,  the  bar  code 
retains  an  electronic  version  of 
the  form  data.  Upon  receipt,  the 
company  can  scan  the  bar  code 
to  capture  the  form  data  and 
deliver  it  to  a  back-end  system  for 
processing.The  bar-code-enabled 
forms  software  is  expected  to  be 
available  by  vear-end.  ■ 
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Double  your  productivity  with  Scan2  technology. 


The  best  way  to  stay  ahead  is  to  double  your 
productivity.  Introducing  Scan2  technology 
Scan2  from  Sharp.  Sharp's  Digital  Imagers  with  Scan2 
technology  are  designed  to  scan  two-sided  documents  in 
a  single  pass. 

Now  your  training  manuals  and  white  papers  can  be 
scanned,  copied,  emailed  and  digitally  distributed  quicker 
than  ever  before. 


In  fact,  it's  115%  faster  than  any  other  product  in  its 
class.  Not  only  is  it  like  having  double  the  help,  it  will  also 
allow  you  to  accomplish  more  tasks,  in  dramatically  less  time. 
Together  with  Sharp's  integrated  network  management 
software  and  security  features,  your  digital  information  is 
safe  and  workflow  is  fully  optimized. 

Visit  sharpusa.com/scan2  or  call  T800-BE-SHARP  for 
more  information. 


The  AR-M550,  AR-M620  and  AR-M700: 

.  Operate  at  55,  62  and  70  pages-per-minute 
.  Fully  integrated  network  ready  digital  copier/printers 
.  Include  network  management  software  and  document 
filing  capability 


be  sharp 


•  Results  of  Buyers  Laboratory  Inc.  Document  Feeding  Speed  tests  (originals  per  minute)  in  2:2  mode  for  Sharp  AR-M550  vs.  the  following  manufacturers' competitive  models:  Canon  iR  5000  and  5020,  HP  9055  MFP,  Konica  7155,  Kyocera  Mita  KM-5530,  Ricoh  Aficio  1055  and  551,  and 

Toshiba  e- STUDIO  550.  C2003  Sharp  Corporation 
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AT&T  teams  up  to  offer  Web  services 


lfc[No  Web  services  company 
other  than  Grand  Central]  brings 
together  the  same  multiprotocol 
and  multi-version  [software] 
support  and  orchestration.  11 

Bob  Lamoureux 

Chief  architect,  Thomson  Financial 


■  BY  DENISE  PAPPALARDO 

AT&T  is  rolling  out  its  first  Web 
services  offering,  which  the  com¬ 
pany  says  will  let  IP  users  better 
integrate  applications  internally, 
and  more  easily  support  cus¬ 
tomer  and  other  third-party  ac¬ 
cess  to  specific  applications. 

AT&T  is  teaming  with  applica¬ 
tion  integration  company  Grand 
Central  Communications  to  sup¬ 
port  AT&T  WebService  Connect. 

No  Web  services  company 
other  than  Grand  Central  “brings 
together  the  same  multiprotocol 
and  multi-version  [software] 
support  and  orchestration,”  says 
Bob  Lamoureux,  chief  architect 
at  Thomson  Financial,  an  operat¬ 
ing  unit  of  The  Thomson  Corp.in 
Stamford,  Conn.“We  have  a  good 
relationship  with  [AT&T],  and 
Grand  Central  had  the  platform 
but  not  the  network  footprint.” 
Coupling  the  services  made  all 
the  difference,  he  says. 

Lamoureux  says  Thomson  is 
organizing  its  Web  services  appli¬ 
cations  and  expects  to  have 
them  up  and  running  over  the 
WebService  Connect  network  in 
the  next  few  months. 

The  service  lets  customers  bet¬ 
ter  integrate  islands  of  applica¬ 
tions  deployed  throughout  a 
company  For  example,  a  com¬ 
pany  can  set  up  a  Web  services 


process  whereby  its  Siebel  Sys¬ 
tems  and  PeopleSoft  applications 
automatically  share  information. 

The  service  also  lets  users  open 
applications,  such  as  supply- 
chain  management  tools,  to  part¬ 
ners  or  customers  who  then  can 
check  inventory  easily  Customers 
specify  how  users  outside  their 
company  can  access  and  view 
specific  applications. 

Grand  Central  provides  the  plat¬ 
form,  which  is  essentially  middle¬ 
ware,  in  a  data  center  hosted  at  a 
West  Coast  location  the  company 
declined  to  divulge. The  platform 
is  based  on  open  Web  services 
standards  such  as  Simple  Object 
Access  Protocol,  and  more  tradi¬ 
tional  Internet  standards  such 
as  FTP  and  Electronic  Data  Inter¬ 
change  Internet  Integration  (ED1- 
lNT).The  Web  services  gateways, 
deployed  at  Grand  Central’s  facil¬ 
ities,  also  let  customers  exchange 
application  data  using  HTTP  and 
Simple  Mail  Transfer  Protocol 
(SMTP). 

Thomsons  Lamoureux  says  he 
likes  that  Grand  Central  supports 
not  only  Web  services  standards 
but  also  HTTP  and  SMTP  which 
lets  customers  that  haven’t  de¬ 
ployed  the  latest  Web  services 
protocols  access  Thomson’s 
applications. 

Grand  Central  has  multiple 
high-bandwidth  IP  connections 


coming  into  its  data  center,  but 
AT&T  WebService  Connect  users 
will  only  access  the  data  center 
over  dedicated  AT&T  IP  lines, 
says  Halsey  Minor,  CEO  and 
founder  of  Grand  Central. 

This  is  the  first  time  Grand 
Central  is  teaming  with  a  carrier. 
While  the  deal  is  not  exclusive, 
Minor  says,  the  company  has  no 
plans  to  court  another  domestic 
long-haul  provider. 

The  deal  between  AT&T  and 
Grand  Central  “could  accelerate 
the  adoption  of  Web  services,” 
says  Sophie  Mayo,  an  analyst  at 
IDC,  adding  that  Grand  Central 
has  a  good  business  model  but 
doesn’t  have  a  significant  client 
base.The  deal  with  AT&T  exposes 
the  offering  to  a  huge  salesforce 
and  client  base. 

While  AT&T  essentially  is  sell¬ 


ing  Grand  Central’s  service,  it  is 
planning  further  integration,  says 
Eric  Shepcaro,  vice  president  of 
application  networking  at  AT&T. 

“In  the  third  and  fourth  quar¬ 
ters  we’ll  be  integrating  the  ser¬ 
vice  into  our  [Integrated  Global 
Enterprise  Management  System] 
and  into  all  of  our  service 
processes  and  back-end  sys¬ 
tems,”  Shepcaro  says. 

Later  this  year,  the  offering  will 
be  more  visible  through  stan¬ 
dard  AT&T  tools  and  systems 
such  as  IGEMS.  “We  want  it  to 
look  like  any  other  AT&T  man¬ 
aged  service  offering,”  he  says. 

While  AT&T  would  not  provide 
specific  pricing,  Shepcaro  says 
users  will  be  charged  based  on 
the  amount  of  traffic  that’s  pro¬ 
cessed  per  month  at  Grand  Cen¬ 
tral’s  data  center.  ■ 


Mercury,  NetlQ  expand  apps  mgmt.  lines 


■  BY  DENISE  DUBIE 

Mercury  Interactive  and  NetlQ  are  separately 
introducing  software  they  say  will  help  com¬ 
panies  automate  more  of  the  application 
management  process. 

Mercury,  known  best  for  its  pre-production 
application-testing  tools,  has  packed  its  new 
Resolution  Center  suite  with  programs  for 
real-time  application  performance  monitor¬ 
ing.  The  software  includes  tools  for  trou¬ 
bleshooting  problems,  finding  the  root  cause 
of  application  errors  and  automating  correc¬ 
tive  actions. 

The  suite,  which  runs  on  a  centralized  server, 
uses  industry  standard  APIs  to  pull  application 
performance  data  such  as  response  time  from 
servers  and  other  systems  that  support  appli¬ 
cations.  Mercury  also  has  forged  partnerships 
with  vendors  such  as  BEA  Systems  and  Siebel 
Systems  to  develop  custom  APIs  for  their  soft¬ 
ware.  Using  the  collected  data,  Mercury  says 
its  software  can  correlate  performance  data  to 
pre-defined  service  levels. 

Resolution  Center  features  pre-defined  “run 
books”  of  problem  fixes  for  popular  applica¬ 


tions  such  as  those  from  PeopleSoft  and  SAP 
Run  books  also  can  be  customized  so  that 
senior-level  application  and  network  adminis¬ 
trators  can  put  their  own  processes  for  fixing 
applications  into  the  hands  of  lower-level 
staffers. 

Currently  in  beta,  Resolution  Center  is  sched¬ 
uled  to  be  available  in  the  third  quarter. 
Pricing  starts  at  about  $300,000  depending  on 
the  applications  managed  and  how  the  net¬ 
work  is  configured. 

For  its  part,  NetlQ  upgraded  its  AppManager 
package  to  include  more  automated  scripts 
and  introduced  a  new  management  console 
called  Control  Center  1.0  that  can  be  used  to 
show  how  systems  performance  relates  to 
application  uptime. 

A  new  knowledgebase  in  AppManager  will 
include  2,000  pre-written  scripts  and  monitor¬ 
ing  policies,  which  can  be  used  out  of  the  box 
or  customized. 

“NetlQ  is  extending  the  visibility  of  their  sys¬ 
tems  management  products  up  to  the  appli¬ 
cation  layer  and  giving  more  granular  details 
and  coverage  across  more  applications,”  says 
Stephen  Elliot,  a  senior  analyst  in  IDC’s  net¬ 


work  and  service  management  program. 

The  core  AppManager  technology  runs  on 
Windows,  while  Unix  and  Linux  boxes  are 
monitored  through  agents.  NetlQ  monitors 
many  components  in  the  application  infra¬ 
structure,  including  Web  servers,  application 
servers,  load  balancers  and  e-mail  systems. 

Scheduled  for  general  availability  in  six  to 
nine  months,  AppManager  6.0  costs  $2,500  for 
the  operator  console,  $600  for  base  Windows 
agents  and  $750  for  base  Unix  agents.  Control 
Center  1.0  is  included  with  the  AppManager 
6.0  Operator  Console.  ■ 


In  a  series  of  online-only  stories  this  week,  read  about  how  Ace 
Hardware,  Time  Warner  Cable,  Staples  and  others  are  tackling 
mainframe,  security,  configuration  and  other  network/system 
management  issues.  DocFinder  1133 
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Cai!  the  manager 

At  its  Management  Summit  this  week,  Microsoft  hopes  to  detail  products  within  its  Dynamic  Systems  Initiative, 
a  plan  to  create  a  comprehensive  management  platform  that  includes  a  number  of  forthcoming  improvements 
to  the  company’s  patch  management  tools. 


Products 

Description 

Availability 

Software  Update  Services  2.0 

Free  software  that  downloads  and  deploys  patches 
forWindows  and  other  server  applications. 

Microsoft  expected  to  preview  beta  at  this  week’s 
Management  Summit. 

Microsoft  Installer  (MSI)  3.0 

One  of  two  installers  that  will  replace  the  eight 
Microsoft  now  has  for  installing  patches. 

MSI  3.0  is  expected  to  ship  with  Windows  XP 
Service  Pack  2. 

Microsoft  Operations  Manager 
(MOM)  2004 

Event  and  performance-monitoring  tool. 

Expected  to  ship  the  first  half  of  2004. 

System  Management  Server 
(SMS)  2003 

Software  management  and  distribution  tool. 

Shipped  Jan.  20;  garnering  positive  reviews. 

System  Center 

Combination  of  MOM  and  SMS  for  managing  desktops, 
laptops,  PDAs,  applications  and  servers. 

Expected  to  ship  in  the  second  half  of  2004. 

Microsoft 

continued  from  page  1 

communicate  their  management  needs  to 
the  network.  DS1  was  announced  at  last 
year’s  conference  in  response  to  similar  util¬ 
ity  computing  plans  from  HPIBM  and  Sun. 
While  DSI  is  still  in  the  conceptual  stage, 
Microsoft  can  wait  no  longer  to  improve  the 
patch  tools  that  are  part  of  the  plan. 

“I  am  keeping  my  fingers  crossed  that 
they  put  out  better  tools  for  free  that  help 
me  manage  the  patching  of  their  products, 
including  Office,” says  Dave  Neige,  LAN  ad¬ 
ministrator  for  Dots  Fashions,  a  chain  of 
clothing  stores  based  in  Solon,  Ohio.  Neige 
runs  SUS  1 .0,  a  tool  he  says  lacks  intelli¬ 
gence  because  of  a  shortage  of  manage¬ 
ment  controls. 

“SUS  provides  no  history  and  no  audit¬ 
ing.  If  I  had  to  pay  for  it  I  wouldn’t  like  it,” 
says  Neige,  who  adds  that  budget  con¬ 
straints  prevent  him  from  deploying  a 
patch  management  platform  from  another 
vendor  such  as  BigFix,  ConfigureSoft  or 
Shavlik  Technologies. 

SUS  2.0  is  designed  to  correct  some  of  the 
flaws  Neige  points  out.  It  also  is  the  first  of 
a  handful  of  patch  tools  Microsoft  has 
promised,  including  Microsoft  Installer 


(MSI)  3.0,  a  one-stop  Web  site  that  would 
offer  patch  installer  technology;  all  Micro¬ 
soft  patches;  a  common  assessment  and 
reporting  engine  to  verify  whether  patches 
are  needed  and  installed  correctly;  and  the 
reduction  in  patch  size  to  conserve  band¬ 
width  during  deployment. 

Last  year,  Microsoft’s  chief  security  strate¬ 
gist  Scott  Charney  created  a  30-member 


internal  task  force  to  identify  those  needs 
and  consolidate  them  into  a  standardized 
architecture  to  stretch  across  all  Microsoft 
products.Today  the  company  has  a  hodge¬ 
podge  of  patch  tools  that  individual  prod¬ 
uct  groups  developed. 

Microsoft  CEO  Steve  Ballmer  said  last 
October  that  the  fruits  of  Charney’s  effort 
would  be  seen  in  May  2004  “with  one  patch¬ 
ing  experience  . . .  that  works  across  Win¬ 
dows  and  all  of  the  application  products.” 

So  far,  little  has  been  made  available. The 
beta  for  SUS  2.0  has  been  delayed  twice. 
The  second  beta  of  MSI  3.0  was  released  in 
January  and  the  final  version  is  expected  to 
ship  with  Windows  XP  Service  Pack  2  later 
this  year. 

Microsoft  consolidated  its  patch  releases 
onto  a  monthly  schedule  and  upgraded 
certain  tools,  such  as  the  Microsoft  Base¬ 
line  Security  Analyzer  (MBSA),  a  scanning 
engine  that  shipped  in  January 

Users  say  they  hope  to  see  a  new  road 
map  this  week,  but  some  are  forging  ahead 
without  Microsoft. 

“We  don’t  use  SUS  because  we  devel¬ 
oped  our  own  tools  that  basically  allow  us 
to  patch  machines  on  boot  up,”  says  Wally 
Beck,  security  manager  for  desktop  and 
servers  at  Gainesville  University  in 
Georgia.  “Microsoft  is  making  progress  but 
they  need  to  have  some  auditing  features 
to  make  sure  things  are  installed  correctly’ 

Microsoft  says  the  software  is  expected  to 
add  support  for  Office,  SQL  Server  and 
Exchange  patches,  as  well  as  simple  report¬ 
ing  capabilities,  support  for  the  uninstall 
feature  contained  in  some  patches  and 
additional  administrative  controls. 

“We  are  unsure  just  how  good  2.0  may 
be,”  says  Mark  Shavlik,  president  of 
Shavlik,  which  licenses  patch  technology 
to  Microsoft  for  use  in  HFNetChk  and 
MBSA. “Testers  who  saw  early  [SUS]  code 
late  last  year  said  it  wasn’t  ready. The  feed¬ 
back  was  it  was  too  manual.” 

Another  question  is  the  overlap  with 
System  Management  Server  (SMS)  2003, 
released  just  two  months  ago,  which  also 
has  patching  capabilities. 

“I  don’t  understand  the 
purpose  in  creating  new 
technology  to  do  a  task  that 


is  addressed  by  SMS,” says  Peter  Pawlak.an 
analyst  with  Directions  on  Microsoft,  an 
independent  research  firm.  “They  should 
make  two  versions  [of  SMS] ,  one  a  basic 
version.” 

SMS  and  SUS  differ  in  many  ways,  with 
SMS  capable  of  deploying  software  other 
than  patches  and  working  in  a  distributed 
fashion.  SUS  is  free;  SMS  is  licensed. 

Microsoft  has  promised  it  will  use  this 
week’s  show  to  explain  how  the  two  tech¬ 
nologies,  which  are  built  on  different 
architectures,  complement  one  another. 

Along  with  that  explanation,  Microsoft 
also  is  scheduled  to  give  previews  of  MSI 
3.0.  The  installer  technology  for  server 
and  other  applications  dictates  the  way 
patches  install  and  report  problems. 
Operating  system  patches  are  installed 
using  a  technology  called  Update.exe. 
While  MSI  3.0  will  help  solve  the  tangle  of 
eight  installer  technologies  Microsoft  has 
today,  the  key  will  be  adding  support  in 
existing  products. 

“I  hope  to  hear  that  the  installer  technol¬ 
ogy  will  give  me  more  control  [over  in¬ 
stalling/verifying  patches] ,”  says  Brad  Car¬ 
penter,  senior  systems  analyst  with  Lane 
Country  in  Eugene,  Ore.  Carpenter  has 
shunned  Microsoft’s  tools,  relying  instead 
on  LANDesk’s  Management  Suite  8  patch 
management  tools  because  they  provide 
a  more  holistic  approach  to  patching. 

In  addition,  users  say  they  hope  to  hear 
when  Microsoft  will  fulfill  its  promise  to 
deliver  one  Web  site  where  they  can 
download  any  Microsoft  patch  for  any 
product.  The  company  has  been  adding 
Exchange  and  SQL  Server  patches  to  the 
existing  Windows  Update  site,  which  pre¬ 
viously  had  been  only  for  Windows 
patches. 

Despite  all  the  promised  technology 
gains,  end  users  and  experts  say  a  key 
factor  toward  the  success  of  improving 
patching  lies  in  the  consistency  of  the 
data  that  the  new  technologies  provide. 
Users  have  complained  for  years  that  re¬ 
sults  returned  by  different  Microsoft 
tools  don’t  always  match,  leaving  users 
uncertain  if  patches  are  cor¬ 
rectly  installed  or  installed 
at  all.B 
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■  LAN/WAN  SWITCHES  AND  ROUTERS 

■  ACCESS  DEVICES  ■  SERVERS  ■  VPNS 

■  OPERATING  SYSTEMS  ■  NETWORKED  STORAGE 

■  VOIP  ■  WIRELESS  NETWORKS 


■  Enterasys  Networks  this  week 
released  its  Dragon  Remote  Site,  an 
intrusion-detection  appliance  for 
remote  offices.  With  the  rack-mount¬ 
able  device,  Enterasys  says,  users 
can  deploy  intrusion  detection  at 
branch  offices  with  minimal  onsite 
configuration  while  managing  the 
appliances  from  a  Dragon  Enterprise 
Management  Server  in  a  central 
office.  The  Remote  Site  costs  $4,000. 

■  Fujitsu  last  week  announced  a 
blade  server  based  on  Intel’s  Xeon 
DP  processor. The  dual-processor 
Primergy  BX600  slides  into  a  cus¬ 
tom  7U-high  enclosure  that  can 
house  as  many  as  10  blade  servers. 
Each  server  can  support  as  much  as 
12G  bytes  of  memory  and  two  Ultra- 
SCSI  hard  drives.  The  BX600  is  avail¬ 
able  with  2.8-GHz,  3.06-GHz  or  3.20- 
GHz  Xeon  DP  processors.  Later  this 
year,  Fujitsu  plans  to  ship  a  four- 
processor  Xeon  MP  blade  that  will  be 
compatible  with  the  BX600  enclosure. 
Not  counting  the  approximately 
$7,000  for  the  chassis  to  house  the 
blades,  a  single-processor  BX600 
with  512M  bytes  of  memory  and  a 
36G-byte  hard  drive  will  sell  for  about 
$2,400,  Fujitsu  says. 

■  Targeting  large  clustering  and  dis¬ 
tributed  application  users,  Silicon 
Graphics  last  week  unveiled  its 
256-processor  Altix  3000  super¬ 
computer  and  said  it  was  readying  a 
512-processor  product  that  it 
expects  to  begin  shipping  by  year’s 
end.  Clustered  versions  of  the  Altix 
3000.  which  use  more  than  one  copy 
of  Linux,  also  will  be  available  in 
configurations  with  four  to  512 
processors.  The  supercomputer  is 
expected  to  eventually  scale  up  to 
2,048  processors,  and  SGI  plans  to 
offer  its  next-generation  Numalink4 
interconnect  technology  only  on  the 
Altix  3000.  Pricing  for  the  Altix  3000 
starts  at  $4.1  million  for  a  system 
with  256  1.3-GHz  Itanium  2  pro¬ 
cessors  with  3M  bytes  of  cache, 
SGI’s  Advanced  Linux  Environment 
2.1  with  SGI  ProPack  2.4,  and  256G 
bytes  of  memory. 


Net6  offers  twist  on  remote  access 


■  BY  TIM  GREENE 

Net6  has  introduced  a  gateway  aimed  at 
letting  users  gain  full  network  access  to 
corporate  applications  using  a  lightweight 
client  or  just  a  Web  browser  to  connect. 
The  company  says  its  Net6  VPN  Gateway 
solves  drawbacks  of  two  popular  Internet- 
based  access  methods:  IPSec  VPNs  and 
Secure-Sockets-Layer-based  remote  access. 

While  the  technologies  have  similar  char¬ 
acteristics,  they  have  differences  that  mat¬ 
ter  to  customers.  For  instance,  employees 
of  e-mail  security  service  provider  Fbstini 
use  Net6  VPN  Gateway  instead  of  a  Cisco 
IPSec  gateway  because  it  is  easier  to  dis¬ 
tribute  the  necessary  client  software  and  to 
administer,  says  Jon  Prall,  Postini’s  vice 
president  of  engineering. 

Net6  remote-client  software  is  a  Web 
download  that  updates  itself  each  time 
users  log  on  to  a  gateway.  The  Cisco  gear 
requires  installing  the  client,  he  says.  The 
client  makes  an  SSL  connection  to  the 
Net6  VPN  Gateway,  which  sits  between  a 
corporate  firewall  and  servers  the  remote 

See  VPN,  page  20 


Easy  opening 


Net6  says  its  VPN  Gateway  allows  full  access  to  all  network  applications 
without  requiring  firewall  reconfiguration  and  without  having  to  update 


remote-client  policies. 


A  remote  user  with  a  Net6  remote 
client  connects  to  a  Net6VPN  Gateway 
over  the  Internet,  downloads  client 
updates  and  establishes  an  SSL 
session  with  the  gateway. 
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Application  traffic  is  sent  over  the  SSL 
session  to  the  gateway,  which  terminates 
the  SSL  session  and  creates  a  separate 
link  to  the  target  application  server  on 
the  protected  network. 
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Because  the  gateway  breaks  the 
client-server  connection  in  two, 
it  blocks  the  private  network 
from  visibility  over  the  Internet. 
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Cisco  raises  its  security  profile 


■  BY  PAUL  ROBERTS 

Cisco  last  week  announced  enhance 
ments  to  a  number  of  its  software  products 
and  hardware  designed  to  make  corporate 
networks  more  resilient  to  attacks. 

The  company  unveiled  new  VPN  hard¬ 
ware  and  new  features  for  the  Internetwork 
Operating  System  (IOS)  and  Security  De 
vice  Manager  software  to  support  firewalls 
and  spot  the  source  of  denial-of-service 
(DoS)  attacks.  The  new  products  and  fea¬ 
tures  are  part  of  Cisco’s  Self-Defending 
Network  strategy  to  create  autonomic  re¬ 
sponses  to  network  security  threats,  the 
company  says. 

On  the  hardware  side,  Cisco  extended 
VPN  support  to  the  7301  Router,  letting  that 
device  support  370M  bit/sec  VPN  through¬ 
put  in  addition  to  a  firewall,  routing  and 
quality-of-service  management  features, 
the  company  says. 

Cisco  also  added  a  new  device  to  its  3000 
line  of  VPN  concentrators:  the  VPN  3020 
Concentrator.  That  device  has  integrated 
IPSec  and  Secure  Sockets  Layer  remote- 
access  features  and  can  support  up  to  750 


concurrent  VPN  users  with  IPSec  and  up  to 
200  users  in  SSL  mode,  Cisco  said. 

On  the  software  front,  Cisco  unveiled  a 
number  of  new  security  features  that  come 
with  IOS  Software  Release  12.3T. 

The  IP  Source  Tracker  is  an  IOS-based 
security  tool  that  lets  customers  access 
Cisco  routers  using  a  special  “management 
channel”  even  when  they  are  the  target  of  a 
DoS  attack.  New  command-line  interface 
features  in  IOS  give  administrators  more 
control  over  security  operations  by  restrict¬ 
ing  access  to  features  based  on  adminis¬ 
trative  roles,  Cisco  says. 

The  company  also  announced  better  fire¬ 
wall  support  from  IOS  that  will  let  IT 
administrators  divide  their  network  into 
trust  zones  based  on  IP  addresses.  Also,  a 
new  software  product,  the  Cisco  IOS  Fire¬ 
wall  for  IPv6,  supports  inspection  of  IPv4 
and  IPv6  traffic  and  protocol  anomaly  in¬ 
spection,  Cisco  says. 

Among  other  things,  IPv6  lengthens  IP 
addresses  from  32  to  128  bits,  which  will 
accommodate  a  new  generation  of  net¬ 
worked  devices. 

A  new  version  of  the  Cisco  Security  De¬ 


vice  Manager  features  start-up  wizards  that 
make  it  easier  to  deploy  security  products, 
update  Cisco  router  configurations  and 
lock  down  network  security  Security  De¬ 
vice  Manager  Version  1.1  also  extends  sup¬ 
port  to  the  Cisco  7200  series  router,  the 
company  says. 

Cisco  faces  tougher  competition  on  the 
security  front  after  the  February  announce¬ 
ment  that  chief  competitor  Juniper  is  buy¬ 
ing  firewall  giant  NetScreen  Technologies. 

The  company  has  been  working  in 
recent  months  to  raise  its  security  profile. 

In  November, Cisco  and  leading  anti-virus 
companies  announced  the  Cisco  Network 
Admission  Control  program,  which  lets 
Cisco  routers  evaluate  information, such  as 
whether  a  particular  computer’s  anti-virus 
definitions  are  up  to  date  and  its  operating 
system  is  adequately  patched,  before  let¬ 
ting  it  connect  to  a  network.The  company 
also  is  collaborating  with  IBM  to  let  IBM’s 
products  communicate  more  directly  with 
Cisco’s  network  security  technology 

Roberts  is  a  correspondent  with  the  IDG 
News  Service's  Boston  bureau. 
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Get  all  this  only  with  IBM  eServer'  BladeCenter ™  systems  and  JS20  blades. 


Consolidate  multiple  applications / 

Run  Linux  in  both  32- 

Proven,  time-tested 

Over  80%  fewer  cables 

Scale  out  (simply) 

workloads  to  reduce  TCO. 

and  64-bit  environments. 

POWER  architecture. 

than  stand-alone  servers. 

on  demand. 

@  server 

— -  ® 


The  BladeCenter  JS20t  is  powered  by  advanced  POWER 
processor  technology.  (Slide  it  into  the  BladeCenter  system 
and  you’ve  got  the  power  to  advance  your  business.) 


•Operating  system  and  BladeCenter  chassis  sold  separately.  'BladeCenter  system  with  generic  blades  depicted  above.  IBM,  the  e-business  logo,  eServer,  the  eServer  logo,  BladeCenter,  POWER  and  PowerPC  are 
trademarks  or  registered  trademarks  ot  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks 

of  others  -  2004  IBM  Corporation.  All  rights  reserved. 
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ymbol  CEO  sees  challenges  ahead 


9  BY  JOHN  COX 

Symbol  Technologies’  top  executive  is 
touting  the  company’s  recent  financial  re¬ 
sults  as  evidence  of  its  turnaround  in  the 
wireless  LAN  market,  but  so  far  Wall  Street 
isn’t  staging  a  party 

The  results  offer  a  chance  to  evaluate 
whether  Symbol  is  shaking  off  ill  effects  of 
the  accounting  scandals,  resignations  and 
shareholder  lawsuits  that  have  dogged  the 
company  for  two  years. 

President  and  CEO  William  Nutti,  who 
took  over  in  December,  points  to  achieve¬ 
ments  in  what  he  calls  a  “year  of  transition.” 
But  he  readily  acknowledges  there  is  a  lot 
of  work  remaining. 

Symbol  announced  March  4  that  fourth- 
quarter  revenue  of  $393  million  was  5% 
higher  than  a  year  ago  but  still  fell  short  of 
the  expected  $400  million.  Net  income  for 
the  quarter,  at  $16.2  million,  was  the  best  in 
fiscal  2003  and  much  better  than  the  $69 
million  loss  reported  a  year  ago. 

Overnight,  Symbol’s  stock  dropped  from 
$18  per  share  to  open  on  March  5  at  about 
$15.50.  It  rallied  slightly  then  declined  to 


about  $14.50  and  was  trading  just  above 
that  for  several  days  last  week. 

Wall  Street  seemed  to  be  ignoring  what 
Nutti  says  is  the  company’s  very  solid  per¬ 
formance  in  2003  in  the  face  of  a  “tremen¬ 
dous  number  of  challenges.”They  included 
fraud  and  allegations  of  financial  irregular¬ 
ities,  mass  exodus  of  veteran  employees 
from  the  boardroom  and  executive  suite, 
shareholder  lawsuits,  and  ongoing  investi¬ 
gations  by  the  Securities  and  Exchange 
Commission  (SEC)  and  U.S.  Department  of 
Justice. 

That’s  not  counting  the  very  slow  growth 
in  IT  spending,  the  outbreak  of  war  in  Iraq 
and  of  SARS  in  Asia.“We  were  awaiting  the 
[plague  of]  locusts  around  June,”  Nutti 
jokes. 

Symbol  is  a  top  vendor  of  bar-code  scan¬ 
ning  devices,  specialty  and  rugged  mobile 
computers,  and  WLANs.  Its  financial  report¬ 
ing  came  under  scrutiny  in  2002,  leading  to 
a  steady  stream  of  bad  news  for  customers 
and  investors.Two  executives  pleaded  guilty 
to  federal  fraud  charges.  Last  December 
then-CEO  and  acting  Chairman  Richard 
Bravman  resigned,  as  the  SEC  was  investi¬ 


gating  a  transaction  in  which  Bravman  and 
other  Symbol  employees  allegedly  prema¬ 
turely  recognized  $860,000  in  revenue. 

It  was  then  that  a  newly  reconstituted 
board  of  directors,  with  three  new  outside 
directors,  offered  Nutti  the  CEO  position. 
He’d  been  with  the  company  as  president 
and  COO  for  just  over  a  year,  after  a 
decade  at  Cisco. 

Nutti  has  a  lengthy  list  of  2003  achieve¬ 
ments  to  cite.  Despite  the  turmoil  and  the 
economy  Symbol’s  total  revenue  for  fiscal 
2003  was  $1.5  billion,  compared  with  $1.4 
billion  in  fiscal  2002. The  2002  figure  is  the 
restated  revenue,  which  in  this  case  showed 
an  increase  from  the  original  $1.3  bil- 
lion.The  company’s  gross  margin  as  a  per¬ 
cent  of  revenue  rose  to  44%  compared  with 
40%  a  year  ago,  an  indicator  of  improving 
profitability 

Symbol  also  paid  off  all  its  debt,  put  $150 
million  into  the  bank  and  improved  other 
business  indicators,  such  as  how  fast  it  gets 
paid  after  shipping  a  product. 

“It  was  a  pretty  darn  good  year]’ Nutti  says. 

At  the  same  time,  the  company  main¬ 
tained  its  research  and  development 


spending  at  about  10%  to  1 1%  of  total  rev¬ 
enue  —  about  $200  million.  Nutti  says  cus¬ 
tomers  will  see  the  fruit  of  that  spending 
starting  soon  this  year,  with  an  array  of 
new  products.  He  declined  to  be  more 
specific. 

Last  year,  Nutti  also  ordered  a  complete 
restructuring  of  Symbol’s  relationships 
with  distributors  and  resellers.  Among 
other  changes,  the  direct  sales  force  that 
deals  with  the  Fortune  2000  customers 
will  work  to  fulfill  those  orders  through 
the  appropriate  channel  partners. 

Symbol  now  has  about  5,700  employees, 
a  drop  of  450  compared  with  a  year  ago. 
Many  of  those  came  from  the  ranks  of  vice 
presidents  and  directors.  Of  350  in  those 
categories,  Nutti  has  replaced  106. 

He’s  instituted  a  range  of  periodic  and 
frequent  video,  Webconferencing  and 
face-to-face  meetings  with  employees  at 
all  levels  of  the  company  Part  of  that  com¬ 
munication  is  recognizing  employees 
who  are  achieving  results  and  meeting 
goals.  “Morale  is  not  where  we  want  it  to 
be,”  Nutti  says.  “There’s  still  room  for 
improvement.”  ■ 


HP  blade  server  gets  dense 


■  BY  JENNIFER  MEARS 

HP  next  quarter  is  expected  to 
begin  shipping  a  two-processor 
Xeon  blade  that  is  half  the  size  of 
its  current  offerings,  giving  busi¬ 
ness  users  who  need  minimal  on- 
system  storage  the  ability  to  pack 
more  processing  power  into 
smaller  spaces. 

HP  unveiled  last  week  the 
BL30p,  along  with  a  single-proces¬ 
sor  tower  system  for  small  and 
midsize  businesses.  The  ML110, 
priced  starting  at  $499,  is  the  first 
in  a  line  of  ML100  series  systems. 
It  is  expected  to  be  a  complement 
to  the  rack-mounted,  single-pro¬ 
cessor  DL140  that  HP  introduced 
last  year,  says  Jim  Mouton,  HP’s 
vice  president  of  platform  strategy 

The  no-frills  ML110  is  designed 
for  general-purpose  tasks  such  as 
file  sharing  and  mail  messaging.lt 
is  available  with  either  a  2.6-GHz 
Celeron  processor  or  2.8-GHz  or 
3-GHz  Pentium  4  processors  from 
Intel  with  lM-byte  cache. 

The  BL30p  is  aimed  at  giving 
business  users  more  density  and 
power,  primarily  for  computation¬ 
al  clusters  and  grid  computing. 
Sixteen  of  the  blades  can  fit  into 
HP’s  6U  blade  enclosure,  com¬ 
pared  with  just  eight  of  HP’s  dual¬ 
processor  blade  offering,  the 
BL20p.  By  contrast,  14  of  IBM’s 


HP's  BL30p  can  fit  16  blades  into 
its  6U  blade  enclosure. 


dual  processor  HS20  blades  can 
fit  into  its  7U  blade  enclosure. 

The  Greater  Baltimore  Medical 
Center  last  year  replaced  three 
racks  of  servers  with  one  rack  of 
nearly  three  dozen  BL20p  blade 
servers.  Eric  French,  network 
manager  at  the  medical  center, 
says  he’s  interested  in  taking  a 
look  at  the  even  more  compact 
BL30p. 

“The  more  processing  power 
per  square  foot  the  better  your 
data  center  is  in  terms  of  the 
expense,”  French  says.  He  says  the 


new  blades  would  work  nicely  as 
Web  servers  or  Linux  clusters. 

Two  BL30ps  can  slide  into  a 
sleeve  that  lets  them  plug  into  the 
same  backplane  as  the  BL20p,  let¬ 
ting  the  systems  be  interchange¬ 
able  and  enables  an  easier  migra¬ 
tion,  Mouton  says. 

To  slim  down  the  blade,  HP  re 
moved  the  two  hot-plug  SCSI  dri¬ 
ves  available  on  the  BL20p.  The 
BL30p  offers  optional  dual-port 
Fibre  Channel  for  storagearea 
network  connectivity 

Mouton  says  HP  wants  to 
address  a  range  of  compute 
needs  as  businesses  make  blade 
servers  a  more  important  piece  of 
their  data  center  infrastructures. 

The  blade  market  is  steadily 
growing.  According  to  IDC’s 
Worldwide  Quarterly  Server  Trac¬ 
ker  and  Forecaster,  about  185,000 
blade  servers  were  shipped  last 
year,  but  nearly  500.000  are  ex¬ 
pected  to  ship  this  year.  IDC 
expects  blade  server  shipments 
to  reach  nearly  2.3  million 
in  2007. 

Pricing  for  the  BL30p  has  not 
been  released,  but  Mouton  says 
it  will  be  “very  comparable  to  the 
BL20p.”  Both  systems  are  avail¬ 
able  with  the  latest  Xeon  proces¬ 
sors.  Pricing  for  the  BL20p,  with 
two  3.06-GHz  Xeon  processors, 
starts  at  about  $5,000.  ■ 


VPN 

continued  from  page  17 

machine  is  trying  to  reach.The  gateway  terminates  the  SSL  tunnel  and 
acts  as  a  go-between  with  servers  on  the  corporate  network. 

In  addition,  the  Net6  gear  requires  no  reconfiguration  of  employees’ 
home  firewalls  as  IPSec  does,  according  to  Prall,  because  it  uses  just 
ports  commonly  left  open  for  SSL. 

SSL  remote-access  gear  also  has  lightweight  clients  or  uses  Web 
browsers,  but  Net6  says  its  gear  gets  around  drawbacks  that  SSL  remote 
access  has.  For  instance,  the  Net6  Gateway  supports  all  applications  at 
the  network  layer, so  the  applications  they  access  appear  as  they  do  on 
a  LAN.This  is  also  true  of  IPSec  VPNs.  Some  SSL  remote-access  equip¬ 
ment  has  limits  on  the  applications  it  can  access  or  it  displays  appli¬ 
cations  with  different  interfaces  than  end  users  are  used  to. 

Net6  says  that  while  SSL  remote-access  products  must  be  upgraded 
when  a  specific  application  is  upgraded,  Net6’s  software  does  not. 
These  upgrades  generally  include  alterations  to  the  client/ 
server  protocols  that  require  changes  in  the  custom  connectors  within 
SSL  remote-access  software.  Net6  intercepts  traffic  at  Layer  2,  so  does 
not  have  to  deal  with  these  protocol  changes. 

The  fact  that  Net6  gear  proxies  traffic  insulates  the  network  it  protects 
from  worms.  Worms  seeking  IP  addresses  to  find  vulnerable  machines 
might  hit  the  address  for  the  Net6  Gateway,  but  polling  by  the  worms 
will  not  be  authenticated  nor  contain  proper  information  for  being 
passed  on  to  internal  IP  addresses,  Net6  says. 

This  feature  drew  data-migration  vendor  Rainfinity  to  test  Net6  gear 
for  use  by  its  employees  who  need  to  access  corporate  resources,  says 
Curt  Jernigan,  director  of  IT  at  the  San  Jose  company  He  avoided  IPSec 
VPNs  because  they  create  network-layer  tunnels  with  direct  access  to 
internal  IP  addresses.“I  just  wanted  to  make  sure  there  wasn’t  any  door 
left  open  to  allow  in  any  worms,”  he  says. 

Net6  says  its  gear  supports  real-time  applications  such  as  voice  and 
video, and  because  the  SSL  tunnel  it  uses  employs  just  firewall  Fbrt  443, 
it  solves  network  address  translation  problems  that  IP  softphones 
would  have  crossing  firewalls  without  a  tunnel. 

When  Net6  Gateway  and  Net6  Remote  are  ready  to  ship  next  week, 
they  will  support  Windows  2000  and  XP  desktops. The  company  says  it 
is  developing  clients  for  Linux  and  Macintosh  operating  systems. 

The  gateway  costs  from  $160  per  user  for  50  users,  to  $1 1  per  user  for 
2,000  users.® 
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WAN  router  redux 


As  promised,  this  week’s  column  high¬ 
lights  some  comments  I  received  in 
response  to  my  recent  column  about 
Cisco’s  WAN  access  routers  (www.nwfu 
sion.com,  DocFinder:  1 125). 

Unlike  so  many  areas,  the  letters  were  very 
matter-of-fact  and  passion-free.  That  would 
seem  to  be  in  character  with  the  workhorse 
nature  of  the  access  router.  While  I  don’t 
think  it  appropriate  to  draw  conclusions 
from  the  handful  of  messages,  some  inter¬ 
esting  and  valid  points  were  made. 

“Cisco  is  overpriced  and  underpowered,” 
writes  the  IT  manager  of  a  U.S  coatings 
manufacturer.  “The  other  companies  can 
integrate  just  fine  into  existing  and 
planned  networks.” This  is  a  sentiment  I’ve 
heard  over  and  over  again  from  end  users 
during  NetworkWorld  seminar  tours. 

This  same  writer,  though,  takes  exception 
to  the  “future-proof”  sales  pitch  and  dis¬ 
misses  it  as  likely  FUD. “Being  future-proof 
sometimes  is  as  much  about  not  over¬ 
spending  on  the  tools  that  you  need  in  the 
hopes  that  they  will  be  the  tools  that  you 
will  need  five  years  from  now)  he  says.  In 
essence,  I  know  that  in  the  future  I’ll  proba¬ 
bly  want  something  new,  so  let’s  not  dwell 
too  much  on  that. 

In  defense  of  the  future-proof  routing  ven¬ 
dors,  they  probably  are  focused  a  little 


more  on  the  “near-term.”  For  example,  don’t 
be  caught  installing  a  router  and  then,  a 
year  later  when  you  are  ready  to  imple¬ 
ment  VPNs,  find  out  that  you  have  to 
upgrade  to  do  that.  To  me,  it  seems  that 
many  of  the  future-proof  router  vendors 
are  simply  saying:  “We’ll  provide  you  with 
sufficient  horsepower  and  futures  Day  One 
that  will  be  good  for  the  life  of  the  box.” 

The  vice  president  of  technology  for  a 
U.S.  mortgage  broker  sums  up  what  1 
believe  are  the  thoughts  of  the  “silent 
majority”  when  he  writes:  “I  think  that  you 
are  addressing  an  under-covered  need 
with  this  topic.  For  the  majority  of  us  two-, 
three-,  four-location  operations  that  need 
affordable  performance,  I  hope  you  or 
somebody  starts  publishing  price/perfor¬ 
mance  metrics  and  discussion  about  what 
is  ‘good  enough.’” 

Indeed,  “good  enough”  is  a  key  concern 
when  the  access  speed  for  the  corporate 
branch  (likely  T-l)  is  in  the  realm  of  speeds 
now  common  for  home  broadband  con¬ 
nections.  Given  that  a  5-year-old  PC  running 
NT  likely  can  route  T-l  at  wire  speed  —  and 
that  “speeds  and  feeds”  are  such  popular 
metrics  —  how  does  one  decide  what  to 
use?  On  the  other  hand,  it  is  highly  likely 
that  the  least  expensive  router  you  can  find 
can  handle  a  basic  T-l  connection. 

The  real  challenge  comes  when  deciding 
what  type  of  “value-add”  functions  you 
need  your  router  to  handle.  Do  you  need  IP 
multicast?  Or  Fast  Ethernet  local  routing? 
Or  do  you  want  your  router  and  LAN 
switch  integrated  into  one  box  as  some 
vendors  are  proposing?  Your  answers  will 


help  you  pick  the  right  box. 

Tilting  things  in  Cisco’s  favor, according  to 
a  writer  from  a  New  York  law  firm,  is  inertia 
in  the  T-l/E-1  market. “Clearly  in  the  Tl/El 
space  there  is  little  reason  to  risk  change. 
But  on  the  higher  end,  Cisco  is  vulnerable 
on  price.  DS3-capable  routers  cost  more 
than  they  should,”  he  says.  He  sees  a  wait¬ 
ing  market  for  a  wire-speed  DS3  router. 

And,  finally  a  writer  from  a  Cisco  partner 
in  the  U.K.  reminds  us  that  Cisco’s  propri¬ 


■  BY  JENNIFER  MEARS 

Dell  last  week  announced  it  is  extending 
its  partnership  with  server  virtualization 
software  maker  VMware  to  bring  high-per¬ 
forming  virtualization  capabilities  to  its 
four-processor  PowerEdge  6650  systems. 

New  configurations  of  Dell  PowerEdge 
servers  and  Dell/EMC  storage  running 
VMware’s  ESX  Server  virtualization  soft¬ 
ware  and  using  VMware’s  VirtualCenter  and 
VMotion  technology  are  designed  to  let 
businesses  make  more  efficient  use  of  their 
data  center  resources,  says  Pete  Morowski, 
vice  president  of  software  development  in 
the  Dell  Product  Group. 

VMware’s  software  lets  companies  split 
Intel-based  servers  into  virtual  partitions, 
running  multiple  operating  systems  and 
applications  on  one  box. 

VMware  brings  this  partitioning  capabil¬ 
ity  to  standards-based  systems  and  has 


etary  Enhanced  Interior  Gateway  Routing 
Protocol  remains  a  lock-in.  He  closes  with 
an  enticing:  “There  are  various  other  inter¬ 
esting  issues  around  sales  tactics  that  this 
leads  into  . . .  but  I’m  not  prepared  to  put 
those  in  writing.” 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  testing 
company  in  Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@tolly.com. 


partnered  with  server  makers  such  as 
Dell,  HP  and  IBM  during  the  last  year  as 
users  have  looked  for  ways  to  get  better 
use  of  a  growing  number  of  Intel  servers. 
Storage  vendor  EMC  acquired  VMware  in 
January. 

Dell  has  partnered  with  VMware  in  the 
past,  offering  the  software  maker’s  GSX 
Server, designed  primarily  for  departmental 
and  testing  environments. 

The  Dell-VMware  Virtual  Infrastructure 
configurations,  which  are  tested  and  sup¬ 
ported  by  Dell,  include  Dell  PowerEdge 
6650  servers  running  VMware  ESX  Server 
2.0.1,  VirtualCenter  and  VMotion; 
Dell/EMC  CX300  and  CX500  storage  sys¬ 
tems  to  enable  VMotion  capability;  and  a 
Dell  PowerEdge  1750  running  the  VMware 
VirtualCenter  Management  Server. 

The  configurations  start  at  about  $30,500 
for  a  two-processor  Dell  PowerEdge  6650, 
internal  storage  and  VMware  ESX  Server.* 


Dell,  VMware  boost  server  wares 


You  Need  Belden's  New  DataTwist  600e  — 

The  Only  Network  Cable  That  Guarantees  Performance  Beyond  Category  6  Standards. 

Suddenly,  as  quickly  as  Category  6  cable  performance  standards  have  been  adopted,  Belden 
has  made  them  obsolete.  DataTwist  600e  UTP  networking  cable  was  developed  not  only  to  meet 
Category  6  standards,  but  also  to  provide  significant  amounts  of  headroom  above  and  beyond 
them  —  guaranteed.  It’s  the  industry’s  only  UTP  cable  with  guaranteed  performance  to  600  MHz. 

The  secret?  Belden's  unique,  patented  Bonded-Pair  technology  that  ensures  uniform  conductor- 
to-conductor  spacing  to  eliminate  performance-robbing  gaps  between  pairs. ..coupled  with 
the  patented  e-Spline  design  that  provides  consistent  pair-to-pair  spacing 
by  placing  pairs  in  individual  chambers. 

The  result: 


•  8  dB  of  Power  Sum  NEXT  headroom  over  Category  6  —  guaranteed. 

•  Nearly  5  dB  of  return  loss  improvement  over  Category  6 
at  100  MHz  —  guaranteed. 

•  An  attenuation  margin  over  Category  6  standards  —  guaranteed. 

•  Positive  Power  Sum  ACR  to  460  MHz  —  guaranteed. 

All  of  which  means  better  and  faster  performance  for  you. 

For  more  information  call  1-800-BELDEN-4  to  get  your 
FREE  copy  of  the  DataTwist  600e  New  Product  Bulletin. 

www.belden.com/networking 


DuPont  is  the  sole 
supplier  of  PEP  Tel  Ion 
insulation  material  used 
in  the  plenum  product. 
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Command  Line  Interface  (CLI) 
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Quality  of  Service  (QoS) 
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VLAN  Trunking 
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Virtual  Private  Networking  (VPN) 
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Dial  Backup 
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PBX  Connectivity 
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Unlimited  Telephone  Support 

Free 
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Operating  System  Updates 

Free 

$$$$ 

Warranty 

5  Year 

1  Year 

Uncompromising  quality.  Affordable  price.  There's  no  better  value 
in  access  routers  than  the  NetVanta  3000  Series  from  ADTRAN. 


Using  a  NetVanta  3000  router,  you  can  outfit  a  remote 
location  with  complete  T1  voice  and  data  communications 
for  50%  less  than  you’re  accustomed  to  paying.  Loaded 
with  standard  features,  and  available  with  very  reasonably 
priced  options,  the  NetVanta  3000  Series  is  everything  you 
need  in  a  router  and  more.  Lower  price  isn’t  the  result  of 
cutting  corners — it’s  the  result  of  smart  engineering. 
Engineering  that’s  backed  by  a  100%  satisfaction  guarantee 
from  ADTRAN,  including  unlimited  telephone  technical 
support  (before  and  after  the  sale),  free  ADTRAN  OS  updates, 
and  a  full  five-year  warranty.  Try  a  NetVanta  3000  router  today. 
And  start  getting  more  out  of  your  router  dollar. 

Why  pay  more? 


Take  the  CLI  Challenge!  Receive  a  free  T-Shirt! 

www.adtran.com/info/whypa  ymore 

877.767.6022  Technical  Questions 
877.280.8416  Where  to  Buy 
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Extreme  Networks  is  revolutionizing  the  networking  industry  with 
the  highest  performance  Layer  3  10/100/1000  fixed  configuration 
edge  switch,  with  the  industry's  first  and  only  modular  10  gigabit 
uplink  option.  The  Summit  400,  designed  for  enterprise  networks 
deploying  gigabit  to  the  desktop,  enables  customers  to  fearlessly 
deploy  Gigabit  Ethernet  to  the  edge  today,  and  have  the  added  peace 
of  mind  that  they  can  fuily  performance-enable  their  wiring  closet 
infrastructure  through  future  upgrades.  How’s  that  for  a  switch? 


i  gigabit  uplink  option 
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WITH  EXTREME  NETWORKS 

Contact  Extreme  Networks  at 
1.888.257.3000  or  visit  us  on  the  web  at 

www.extremenetworks.com/go/sum400.htm 


MANAGING  FOR 

MAXIMUM  WAN  VALUE 


How  to  make  sense  of  wide-area  service  options  and  get  the  best  bang  for 
your  buck  -  and  your  applications.  ■  By  Paul  Desmond 


P'rivate  lines,  frame  relay, 

Internet,  VPNs,  Multi-proto- 
col  Label  Switching:  Never 
have  enterprise  users 
had  more  WAN  options  from  which 
to  choose.  While  the  mix  makes  it 
more  likely  you’ll  find  services  that 
fit  your  applications,  the  array  of 
choices  also  can  make  it  more  chal¬ 
lenging  to  ensure  you  are  consis¬ 
tently  getting  the  best  value  for  your 
WAN  dollar. 

Companies  are  responding  in  ways 
that  reflect  their  range  of  require¬ 
ments.  Quaker  Chemical  has  used 
compression  devices  to  squeeze  more 
bandwidth  out  of  its  frame  relay  net¬ 
works  and  now  is  moving  to  MPLS. 

Champps  Entertainment  chose  to  oust 
frame  relay  for  a  managed  VPN  service  that 
cut  the  company’s  costs  by  about  70%  and 
increased  bandwidth.  George  Washington 
University  is  buying  up  dark  fiber  and  using  it 
to  connect  to  the  Internet,  and  has  enough 
headroom  that  it  is  looking  at  selling  excess 
capacity.  The  commonwealth  of  Pennsylvania 
pooled  its  state  buying  power  into  one  mas¬ 
sive  contract  that  enables  it  to  get  a  DS-3  link 
for  as  little  as  $1,800  per  month.  At  prices  like 
that,  no  compression  is  required. 

To  determine  which  services  make  sense  for  your 
enterprise,  Thomas  Nolle,  CEO  of  consultancy  C1MI  in 
Vorhees,  N.J.,  recommends  assessing  each  option  in  terms  of 
its  price,  performance/stability  and  future  trending.  Leased 
lines  would  be  classified  as  high  price,  high  performance  and 


stable,  but  with  a  gloomy  future,  mean¬ 
ing  they  are  likely  to  become  more 
pricey  over  time  and  more  difficult  to 
obtain  as  the  number  of  suppliers 
decreases.  Frame  relay  is  moderately 
priced  and  offers  generally  good  per¬ 
formance  and  stability.  The  price  of 
frame  relay  is  likely  to  decline  some¬ 
what  going  forward,  but  so  is  service 
availability,  as  fewer  carriers  offer  the 
service.  VPN  services  are  generally 
low-priced,  with  relatively  poor  per¬ 
formance  and  stability,  but  there  are 
a  large  number  of  providers  from 
which  to  choose. 

Steven  Taylor,  president  of  consul¬ 
tancy  Distributed  Networking  Asso¬ 
ciates,  says  all  of  that  might  be  moot 
if  your  network  configuration  deter¬ 
mines  the  choice.  Obviously,  private 
lines  and  frame  relay  are  better  for 
point-to-point  or  hub-and-spoke  con¬ 
figurations,  while  IP-based  services 
might  be  better  for  distributed  networks. 
When  it  comes  to  drawing  distinctions 
between  services  such  as  frame  relay  and 
MPLS  as  an  alternative  to  private  lines,  it  is 
often  best  to  simply  ask  for  quotes  on  all 
three  and  make  your  decision  after  the  fact, 
says  David  Rohde,  a  senior  analyst  at 
TechCaliber. While  there  are  a  number  of  issues 
to  consider,  the  decision  might  come  down  to 
which  is  less  expensive. 

The  trick  is  to  put  the  bid  out  to  as  many  carri¬ 
ers  as  you  can  and  to  write  an  RFP  that  is  specific 


ILLUSTRATIONS  BY  GIACOMO  MARCHES! 


ProfCiiig  WAN  service  options 

Consultancy  CIMI  predicts  that  future  price  trends  for  private  lines  look  good 
for  users  while  the  outlook  does  not  seem  so  rosy  forVPN  customers. 
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about  the  level  of  service  you  need. 
“Otherwise,  carriers  will  bid  what  they 
have,"  Rohde  says.  “The  variable  is  the 
quality  of  your  RFP.” 

Driving  a  bargain 

You  might  be  surprised  to  learn  that 
private-line  prices  have  fallen  since  last 
you  checked,  especially  for  higher 
speeds.  “T-3  and  OC-3  just  don’t  have 
that  same  ‘Oh  my  God’  factor  anymore,” 
Rohde  says.  “Prices  of  $20,000  per 
month  are  just  gone.” 

In  Pennsylvania,  they  are  long  gone.  In 
May  2000,  the  state  signed  a  five-year 
deal  with  an  alternative  carrier  that  is 
standing  the  test  of  time.  Pooling  22  con¬ 
tracts  garnered  the  state  enough  buying 
power  to  build  a  statewide  SONET  ring 
that  connects  more  than  250  state  build¬ 
ings  and  17  institutions  of  higher  educa¬ 
tion. The  smallest  access  link  any  agency 
has  is  a  T-l,  and  most  have  OC-3,  says 
Charles  Strubel,  the  commonwealth’s 
acting  director  of  the  Bureau  of 
Commonwealth  Telecommunications 
Services.  Each  OC-3  costs  only  about 
$3,300  per  month, and  DS-3s  go  for  about 
$1 ,800  —  regardless  of  distance,  he  says. 

Rohde  is  likewise  bullish  on  the  frame 
relay  deals  available,  citing  a  “compres¬ 
sion  of  the  curve”  trend  that  he  says  is 
accelerating.  In  the  past,  if  a  56K  bit/sec 
frame  relay  port  cost  $250,  a  T-l  would 
go  for  $1,500  to  $2,000.  Now  the  price 
difference  between  56K,  128K.256K  and 
even  512K  is  marginal. 

“And  the  price  for  T-l  is  so  much  less 
than  it  was  two  years  ago  that  you’ve  got 
a  real  compression  there,”  he  says.  If 
your  frame  relay  network  is  dominated 
by  56K  and  128K  ports,  ask  for  a  price  at 
256K.  “It  may  not  cost  you  much  more. 
Try  it  again  at  half  a  T-l.  Again, you’ll  be 
surprised.  That’s  the  way  to  optimize 


bandwidth  at  this  point,”  he  says. 

The  VPN  option 

Unless,  of  course, you  ditch  your  frame 
relay  network  entirely  and  go  with  a 
VPN,  as  Champps  Entertainment  did. 
Champps  owns  and  operates  43  restau¬ 
rants  and  franchises  13  others  across 
the  country  The  company  had  paid 
about  $700,000  per  year  for  the  frame 
relay  network  that  tied  those  locations 
to  the  company’s  Littleton,  Colo.,  head¬ 
quarters,  says  Steve  Johnson,  director  of 
IT  for  the  firm.  “It  was  straining  our  IT 
bottom  line,”  he  says. 

When  the  company  first  installed  the 
frame  network  in  mid-2001,  Johnson  says 
he  considered  a  VPN  option,  but  wasn’t 
comfortable  that  it  was  secure  enough. 
Now,  with  improved  IPSec  encryption 
algorithms,  it’s  a  different  story 

Champps  opted  for  a  managed  VPN 
service  from  Netifice  Communications 
that  costs  $200,000  per  year.  “Originally 
we  had  T-l  access  with  guaranteed  56K 
bit/sec  frame  relay,  burstable  to  128K,” 
he  says.  “Now  we  have  [asymmetrical] 
DSL,  IDSL  or  business  cable,  with  144K 


to  256K  guaranteed.  So  we  ended  up 
increasing  our  bandwidth  without  try¬ 
ing  too  hard.” 

He  understands  that  the  new  setup 
isn’t  likely  to  be  as  reliable  as  his  frame 
network,  but  says  he  can  accept  that 
risk.  “We  don’t  have  to  be  online  24 
hours  to  serve  you  a  beer,”  he  says. 

Still, Champps  is  in  the  minority  in  that 
it  is  employing  a  VPN  for  its  enterprise 
backbone,  according  to  Rohde.  Most 
companies  use  VPNs  for  remote  access, 
not  as  an  alternative  to  backbone  WAN 
links. 

Nolle  expects  that  to  change  as  carri¬ 
ers  redefine  their  VPN  services,  proba¬ 
bly  by  next  year.“VPNs  will  start  to  show 
price  polarization,  and  we’ll  see  a  sepa¬ 
ration  of  low-end  and  high-end  ser¬ 
vices,”  he  says.  “You’ll  have  IP  services 
that  are  separate  from  the  Internet. 
We’re  going  to  see  the  creation  of  IP 
infrastructure  in  the  facility  model 
become  a  mandate  for  pretty  much  all 
of  the  common  carriers.” 

Web-services  based  applications  will 
help  drive  this  phenomenon,  he  says, 
because  they  are  more  tolerant  of  vari¬ 
ables  in  network  behavior  than  many 
existing  applications.“If  you  have  an  appli¬ 
cation  that  is  tolerant  of  variability  you’ll 
be  able  to  deliver  it  over  a  service  that  has 
traded  performance  stability  against 
cost,”  Nolle  says.  By  next  year,  he  says  he 
expects  carriers  will  offer  access,  via  a  sin¬ 
gle  pipe,  to  IP-based  services  that  offer 
varying  levels  of  performance. 

MPLS  movement 

What  carriers  already  are  pushing  is 
MPLS-based  services,  especially  for 
international  networks,  Rohde  says. 
MPLS  is  delivered  in  a  fashion  similar  to 
frame  relay,  but  without  the  concept  of 
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Making  sense  of  WAN  service  options 
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Join  Craig  Mathias,  principal  of  Farpoint  Group 
and  Ron  Kaplan,  research  manager  at  IDC,  in 
this  exclusive  Webcast  as  they  explain  which 
WAN  services  make  the  most  sense  for  your 
enterprise  budget  and  application  mix.  You  will 
learn  in  this  Webcast,  which  will  be  introduced 
by  Network  World  President  and  Editorial 
Director  John  Gallant,  about  the  latest  tools 
and  techniques  needed  for  an  all-encompassing 
WAN  management  program. 


p  Watch  it  now: 

www.itworld.com/maxwanvalue 


“rrs  less 

EXPENSIVE 
FOR  US  TO 
JUST  GET 
MORE  RAND- 
WIDTH.” 

David  Swartz,  CIO,  George  Washington 
University,  on  why  the  university  has 
no  use  for  compression  gear,  packet 
shapers,  filters  or  any  of  the  other 
equipment  meant  to  conserve  band¬ 
width. 


permanent  virtual  circuits,  which  are 
network  paths  that  must  be  defined  in 
advance.  With  MPLS,  packets  are 
routable,  able  to  be  shuttled  from  one 
port  in  the  network  to  any  other  at  will. 

“No  matter  what  you  ask  for,  expect 
the  carrier  to  say,  ‘We  can  do  this  with 
MPLS,”’  Rohde  says.  Given  that,  ask  for  it 
up  front  so  you  can  better  control  the 
negotiations. 

Quaker  Chemical  is  one  company 
that  is  taking  the  leap  to  MPLS  after 
milking  every  last  bit  out  of  its  frame 
relay  network.  The  company,  based  in 
Conshohocken,  Pa.,  has  used  frame 
relay  to  connect  17  sites  —  six  in  the 
U.S.,six  in  Europe, two  in  South  America 
and  three  in  Asia  —  to  its  data  center  in 
the  Netherlands. 

Three  years  ago  when  it  rolled  out  an 
ERP  application  the  company  faced  the 
need  to  double  network  bandwidth  to 
5 12K  bit/sec,  says  Irving  Taylor,  Quakers 
vice  president  and  CiO.Instead.it  opted 
for  compression  devices  from  Peribit 
Networks,  which  worked  well  enough  to 
quadruple  capacity,  staving  off  the 
upgrade  and  providing  a  ROI  in  about 
six  months. 

Now  the  company  is  looking  to  MPLS 


to  save  more  money  —  roughly  10% 
vs.  the  frame  relay  setup.  Given 
MPLS  will  be  delivered  as  a  man¬ 
aged  service,  as  is  his  frame  relay 
network,  the  rollout  should  be  painless 
for  Quaker. 

Taylor  expects  it  will  be  easier 
to  get  MPLS-based  services  in  outlying 
areas  of  countries  such  as  China  than 
it  is  to  get  frame  relay  links.  He  also  can 
still  use  the  Peribit  compression 
equipment. 

Big,  big  bandwidth 

George  Washington  University,  on  the 
other  hand,  has  no  use  for  compression 
gear,  packet  shapers,  filters  or  any  of  the 
other  equipment  meant  to  conserve 
bandwidth.  “It’s  less  expensive  for  us  to 
just  get  more  bandwidth,”  says  David 
Swartz,  CIO  for  the  university,  in 
Washington,  D.C. 

For  virtually  all  of  its  WAN  connectivity 
the  university  relies  on  the  Internet, 
including  the  high-performance  Inter- 
net2  network  run  by  a  consortium  of 
some  200  academic  institutions,  Swartz 
says.  The  university  is  a  founding  mem¬ 
ber  of  the  Mid-Atlantic  Crossroads,  a 
consortium  that  operates  an  OC^I8  net¬ 
work  in  the  D.C.-Baltimore  area.  Previ¬ 
ously  the  university  bought  OC-3  con¬ 
nections  from  its  local  carrier,  but 
recently  saw  the  price  of  dark  fiber 
falling  so  fast  it  couldn’t  resist  buying  it 
up  and  lighting  it  up. 

“The  cost  is  probably  10%  of  what  it 
used  to  be,”  Swartz  says  of  dark  fiber. 
“Once  you  acquire  a  certain  amount, 
you  can  resell  [wavelengths] ,  and  that’s 
what  we’re  doing.  This  may  actually  go 
from  a  cost  center  to  a  profit  center.” 

The  university’s  total  costs  are  about  the 
same,  given  the  cost  of  the  fiber,  optical 
equipment  and  the  personnel  to  operate 
it.  “But  we’ve  probably  got  an  order  of 
magnitude  more  bandwidth,” Swartz  says. 
“In  the  past  we  had  to  look  at  things  like 
caches  [to  conserve  bandwidth].  Now 
we  just  over-engineer  everything.”  / 

His  advice  to  those  in  more  remote  ( 
areas  where  dark  fiber  might  not  be  \ 
readily  available:  “Move  to  an  urban 
area.”  Fiber,  Swartz  says,  is  the  modern- 
day  equivalent  of  the  rivers  that  drove 
the  growth  of  major  cities.“So  1  jokingly 
say  that,  but  I’m  not  kidding.” 

Desmond  is  president  of  PDEdit  in 
Framingham,  Moss.  He  can  be  reached  via 
www.pdedit.  com. 
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Qwest  iQ  Networking  is  a  suite  of  WAN  services  with  domestic  and  international  availability  depending  on  services  selected,  Recurring  fees  vary  depending  on  services  ordered 
Additional  equipment  may  be  required.  Qwest  and  Qwest  iQ  Networking  are  trademarks  of  Qwest  Communications  International  Inc.  ©2004  Qwest,  All  rights  reserved. 
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A  network  is  a  network  is  a  network.  That  is,  until  you  want  to  add  a  new  application  like  Voice  Over  IP.  Or 
integrate  x,25  legacy  nodes  into  a  network  built  for  frame  relay  or  ATM.  Or  get  something  done  through  an 
accountable  single  point  of  contact.  The  fact  is,  you  can  never  be  sure  what  you’re  going  to  do  next  with  your 
network,  or  what  device  you’ll  be  hanging  off  of  it.  And  you  don’t  want  to  be  with  a  vendor  who’s  going  to  tell  you 
to  throw  out  your  infrastructure  and  start  over.  Which  is  why  you  want  to  be  with  Qwest? 


Call  1  800-506-0663  or  visit  qwest.com/networksolutions 


INTRODUCING  QWEST  iQ  NETWORKING. 

PLUG  YOUR  COMPANY  IN,  WE’LL  MAKE  IT  PLAY. 


|  www.nwfusion.com 
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IronPort,  Proofpoint 
appliances  target  spam 


■  BY  JOHN  FONTANA 

With  spam  and  viruses  reaching  epi¬ 
demic  proportions,  messaging  security 
vendors  IronPort  Systems  and  Proofpoint 
are  releasing  appliances  designed  to  help 
IT  deal  with  the  onslaught. 

This  week, IronPort  will  release  CIO, an  all- 
in-one  appliance  for  protection  against 
messaging  vulnerabilities,  which  include 
spam  and  viruses.  It  is  designed  for  organi¬ 
zations  with  less  than  250  email  users.  The 
CIO  is  modeled  after  IronPort ’s  C60  and 
C30  appliances  for  larger  organizations. 

Proofpoint  last  week  introduced  its  first 
appliance,  called  the  P-Series  Message 
Protection  Appliance.The  appliance  uses  a 
stripped-down  Linux  kernel  and  Proof- 


■  Application  firewall  maker  Teros 
said  last  week  it  is  adding  XML 
security  features  to  its  Secure 
Application  Gateway.  Customers 
will  be  able  to  choose  to  use  the  fea¬ 
tures  for  an  XML  or  HTML  security 
appliance,  or  use  it  to  protect  against 
XML-  and  HTML-based  attacks. The 
new  features  will  let  the  Teros  gate¬ 
way  inspect  XML  traffic  using 
Simple  Object  Access  Protocol  for 
many  of  the  same  attacks  it  looks 
for  in  HTTP  traffic,  such  as  buffer 
overflows.  Like  the  Secure 
Application  Gateway,  the  Web 
Services  Security  Gateway  will  start 
at  about  $20,000.  No  price  has  been 
set  for  the  combined  Web  services 
and  Web  application  firewall. 

■  Groove  Networks  this  week  will 
release  the  first  beta  of  Groove  3.0, 
which  includes  enhancements  to  its 
file-sharing  tools,  contact  organizer, 
and  notification  and  alert  features. 
The  software,  expected  to  ship  this 
summer,  is  finding  favor  with  corpora¬ 
tions  trying  to  support  mobile  users 
and  distributed  teams  using  line-of- 
business  applications,  Groove  says. 


point’s  Protection  Server  2.0  software, 
which  also  was  released  last  week. 

“The  new  features  of  2.0  are  not  what  sold 
me  on  the  appliance,”  says  Sam  Shoen, 
manager  of  the  Web  team  for  U-Haul  in 
Phoenix. “I  like  the  built-in  administration, 
the  fact  that  I  can  control  all  of  the  lower- 
level  functions  from  a  single  device.”  Those 
functions  include  the  message  transfer 
agent  (MTA)  that  connects  a  corporate 
messaging  system  to  the  Internet. 

Shoen  ran  the  Protection  Server  on  a 
Linux  server  before  he  replaced  that  con¬ 
figuration  with  the  P-Series  appliance.  The 
previous  configuration  made  him  a  little 
nervous,  given  that  the  company  does  not 
have  any  Linux  expertise  on  staff.  U-Haul 
supports  5,000  users  on  its  e-mail  system 
that  runs  on  Open  Text’s  FirstClass.“I  don’t 
have  to  know  how  to  configure  Sendmail 
MTA.  Now  it’s  all  in  the  appliance,  and  I 
have  a  single  point  of  support  if  something 
goes  wrong,”  he  says. 

The  Proofpoint  appliance  includes  the 
Protection  Server  2.0  software,  which  fea¬ 
tures  multi-layered  spam  filtering  including 
inspection  of  the  Simple  Mail  Transfer 
Protocol  header,  the  body  of  the  e-mail, and 
structured  and  unstructured  data  associat¬ 
ed  with  the  message.  It  also  adds  Smart 
URL  Blocking,  which  examines  URLs  and 
determines  how  much  information  has 
been  forged  in  the  e-mail  header.  Proof- 
point  has  added  controls  to  evaluate 
whether  a  message  might  contain  porno¬ 
graphic  content,  which  is  often  hidden 
behind  creative  spellings,  and  filters  for  for¬ 
eign  language  spam.  It  also  lets  end  users 
add  their  own  personal  safe  and  block  lists. 

The  appliance  includes  a  Red  Hat  Fedora 
Linux  kernel  that  has  been  stripped  of 
about  85%  of  its  features.  It  also  has  firewall 
capabilities  to  protect  open  ports.  The  box 
has  a  Web-based  management  interface 
and  is  being  developed  with  Dell. 

It  comes  in  three  models:  the  P400  for 
$20,000,  the  P6000  for  $30,000  and  the  P800 
for  $45,000,  which  can  handle  up  to  a  mil¬ 
lion  messages  per  day 

IronPort’s  CIO  also  includes  a  content 
scanning  engine,  the  ability  to  detect 
threatening  e-mail  traffic  patterns  and  the 
ability  to  fend  off  mail  storm  attacks. 

CIO  pricing  has  not  been  determined. 

The  two  companies  compete  with 
BorderWare  Technologies,  CipherTrust, 
MailFrontier  and  Mirapoint.B 
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Web  services  project 
protects  healthcare  provider 


■  BY  JOHN  FONTANA 

Two  years  and  several  Web  services 
projects  later,  Providence  Health 
System  is  systematically  using  the 
nascent  technology  to  craft  a  network 
of  reusable  components  that  likely  will 
save  it  more  than  $1  million  per  year, 
lead  to  better  patient  care  and  poten¬ 
tially  save  lives. 

Providence,  a  606,000-member  system 
of  hospitals,  clinics  and  assisted-living 
complexes  in  the  Northwest,  is  in  the  sec¬ 
ond  phase  of  a  multi-step  Web  services 
project.  The  project  will  make  medical 
and  other  records,  which  are  spread 
across  disparate  systems,  accessible  to 
patients  and  physicians  through  portal- 
based  applications. 

Two  years  ago,  the  Seattle  healthcare 
company  got  its  first  taste  of  Web  ser¬ 
vices  with  a  project  that  created  profiles 
that  made  it  easier  for  patients  to  interact 
over  the  Web  with  the  healthcare  pro¬ 
vider,  a  nonprofit  that  the  Sisters  of  Prov¬ 
idence  ministries  established  in  1859. 


The  latest  project  is  a  Web  service  that 
pulls  together  in  no  more  than  3  seconds 
all  the  electronic  medical  records  a 
patient’s  primary  care  physician  has 
stored,  the  company  says. 

If  a  patient  walks  into  a  Providence 
emergency  room  in  the  evening,  the  staff 
could  look  up  his  name  and  discover  his 
primary  care  physician  earlier  that  day 
had  performed  a  particular  test  or  proce¬ 
dure.  The  staff  could  access  the  results 
and  avoid  the  cost  of  a  repeat  procedure. 

The  system  aggregates  data  from  27 
physician  offices.  Those  offices  operate 
within  Providence  and  store  their  data  in 
back-end  billing,  clinical,  laboratory  and 
ambulatory  care  record  systems  in  10 
Oracle  databases  Providence  maintains 
on  its  network. 

“This  is  more  of  a  business-based  ROl 
based  on  what  this  new  technology  will 
allow  physicians  to  do,”  says  Mike 
Reagin,  director  of  research  and  devel¬ 
opment.  “It  is  significant  to  say  that 
potentially  making  this  technology  avail- 
See  Providence,  page  28 


Patient  data 

Providence  Health  System  is  adding  to  its  list  of  Web  services  with 
a  service  that  aggregates  patient  information  and  displays  it  through 
a  portal  interface  to  emergency  room  doctors. 


gji 

ER  doctor 


O  ER  doctor  uses  portal  to 
request  information  on  a 
patient. 

©  Web  services  gateway 
built  on  Infravio  software 
manages  connection  to 
portal  and  kicks  off  Web 
service  to  collect  information  on  patient 
from  data  mart  and  transform  it  into  a 
format  for  display  in  portal. 

©  Behind  the  scenes  using  database  replication, 
the  data  mart  collects  on  30-minute  intervals 
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Vignette 
portal  server 


Web  services  gateway 
built  on  Infravio  software 


the  back-end  physician  systems  that  store 
a  patient’s  electronic  medical  records. 


O  ER  doctor  is  presented  with  a  complete 
record  of  patient’s  records  from  his  primary 
care  physician. 

©  Primary  care  physician  can  use  the  same 
portal  interface  and  Web  service  to  collect 
medical  records  for  new  or  referral  patients. 
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CAN  LINUX  DELIVER  LOWER  TCO? 
ASK  THE  PEOPLE  EVALUATING  IT. 


Microsoft 


"We  conducted  a  major  TCO  study  to 
explore  Microsoft  and  Linux  solutions 
for  our  needs.  In  the  end,  we  found  that 
the  TCO  for  the  Windows  Server  System ™ 
approach  was  about  20  percent  less 
expensive  than  Linux." 

— Keith  Morrow,  CIO,  7-Eleven,  Inc.,  U.S. 


7-Eleven  chose  Microsoft  over  Linux  because  of  the  20  percent  savings  in  total  cost  of  ownership 
for  their  5,800  U.S.  and  Canadian  stores'  highly  complex  POS  system.  In  their  evaluation,  7-Eleven 
was  looking  for  an  option  that  could  meet  serious  technical  requirements  with  a  low  TCO.  Their 
study  found  that  only  the  Microsoft®  platform  could  meet  their  criteria.  To  get  the  full  7-Eleven 
case  study  and  more  third-party  findings,  visit  microsoft.com/getthefacts 


C  2004  Microsoft  Corporation.  AM  rights  reserved  Microsoft  the  Windows  logo,  and  Windows  Server  System  are  either  registered  trademarks  or  trademarks  of 
Microsoft  Corporation  in  the  United  States  and/or  other  countries.  7-ELEVEN*,  the  7-ELEVEN  Design  and  OH  THANK  HEAVEN*  are  registered  trademarks  of  7-Eleven,  Inc. 
The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 
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Enterprise  Applications 

www.nwfusion.com 

Flash:  More  than  just  glitzy  Web  sites 


Flash  applications 


With  Flash  becoming  more  an  Internet  application 
development  tool,  here’s  a  look  at  some  of  the  pros  and 
cons  of  using  it. 


•  Flash  Player  on  98%  of 
Internet-enabled  PCs. 

•  Use  of  Vector-based 
graphics  lowers 
bandwidth  requirements 
for  graphics-intensive 
applications. 

•  Built-in  XML  parser  for 
data  exchange. 


Cons 

•  Bandwidth  hog:  Large 
multimedia  applications  can 
clog  narrowband  Internet 
connections. 

•  Hidden  from  view:  Flash  files 
not  indexed  by  most  search 
engines. 

®  Latest  Flash  Player  (Version 
7)  not  available  for  Linux/Unix. 


■  BY  JASON  MESERVE 

When  it  debuted  in  1997,  Macro¬ 
media’s  Flash  technology  was  the 
equivalent  of  an  animated  GIF 
image  on  steroids,  used  to  create 
online  cartoons  and  productivity¬ 
sapping  games  like  Elf  Bowling. 
But  the  perception  is  changing  as 
companies  such  as  Jordan’s 
Furniture  in  Massachusetts  and 
Blue  Cross/Blue  Shield  of  Michi¬ 
gan  use  the  technology  to  en¬ 
hance  customer  relations  with 
room-planning  and  competitive 
analysis  applications. 

Flash  is  a  proprietary  file  format 
used  to  combine  text,  images, 
audio  and  video  with  scripting  to 
create  a  movie  or  application.The 
key  to  the  technology  is  the  Flash 
Player,  a  plug-in  that  lets  Flash  files 
be  embedded  and  displayed  on 
any  Web  browser  on  Windows, 
Macintosh  and  Linux  (the  Linux 
client  has  not  yet  been  updated 
to  Version  7).  Macromedia  says  at 
least  some  version  of  Rash  is 
installed  on  at  least  98%  of 
Internet-enabled  PCs. 

Developers  can  use  Macro¬ 
media’s  Flash  MX  2004  develop¬ 
ment  environment  to  create  Flash 
applications  from  scratch  or  use 
tools  such  as  Breeze  (presenta¬ 
tions)  and  RoboDemo  (software 
demonstrations)  —  tools  Macro¬ 
media  acquired  through  acquisi¬ 
tions  —  that  let  business  users 
output  content  in  Rash  format.  A 
standard  Web  server  using  HTTP 
can  deliver  Flash  applications. 

When  the  company  rolled  out 


Flash  MX  2004  in  August  with  sup¬ 
port  for  Simple  Object  Access 
Protocol  and  XML,  Macromedia 
said  it  hoped  Rash-based  appli¬ 
cations  would  act  more  like  a  tra¬ 
ditional  client-server  application 
with  the  Internet  as  a  network. 

‘A  browser  doesn’t  provide  a 
good  way  of  getting  to  data 
because  the  screen  needs  to  be 
constantly  refreshed,”  Norm  Mey- 
rowitz,  president  of  products  at 
Macromedia, said  when  the  prod¬ 
uct  was  launched.“We  can  create 
more  intensive  stuff  with  a  better 
interface.  Instead  of  downloading 
a  big  data  dump,  we  can  cursor 
through  10  records  at  a  time.” 

Jordan’s  Furniture’s  online 
Room  Planner  application  is  an 
electronic  version  of  a  cut-out 
planner  that  lets  Web  site  visitors 
(www.jordans.com/roomplan 
ner.asp)  lay  out  a  room  from 
scratch  or  use  15  pre-built  rooms. 
Furniture  dimensions  used  in  the 
design  are  pulled  from  Jordan’s 
product  database.  The  designs 
can  be  saved,  printed  and  shared 
with  friends.  Customers  also  can 
collaborate  online  with  a  Jordan’s 
salesperson  to  get  advice. 

Hookumu,  a  small  software 
development  shop  in  London¬ 
derry,  N.H.,  designed  Room 
Planner  for  Jordan’s  and  now 
sells  it  to  other  furniture  retailers 
and  interior  designers  as  Icovia 
Room  Planner. 

“Room  Planner  is  like  an  online 
version  of  Visio  with  back-end 
intelligence,”  says  Steve  Street, 
Hookumu ’s  president. 


The  application  the  customer 
uses  is  a  536K-byte  Flash  file  that’s 
downloaded  once  and  stored 
locally  Flash  uses  vector-based 
graphics  to  help  shrink  the  appli¬ 
cation  size  and  the  amount  of 
data  that  is  shuttled  between  the 
client  and  server  during  the  cus¬ 
tomer’s  design  process. 

But  why  not  build  the  applica¬ 
tion  in  Java,  whose  applications 
are  delivered  and  run  in  a  similar 
fashion  to  Flash? 

“Java  has  a  whole  host  of  issues 
like  security  and  compatibility, 
plus  it  is  slower  and  not  as  sexy/’ 
Street  says.“Plus,  a  lot  of  firewalls 
don’t  let  Java  applications 
through  because  they  can  write 
to  the  desktop  [a  security  risk  not 
inherent  in  Flash].” 

Blue  Cross  uses  Rash  for  its  net¬ 
work  comparison  and  analysis 
tool  (NCAT),  an  application 


employees  use  to  graphically 
illustrate  network  healthcare  pro¬ 
viders  for  a  product,  such  as  an 
HMO,  in  specific  pieces  or  the 
entire  state.  Blue  Cross  develops 
in  Flash  MX  2004  because  of  its 
support  for  Web  services.  Infor¬ 
mation  is  pulled  from  back-end 
databases  using  ColdFusion  6.1. 

When  Blue  Cross  began  plan¬ 
ning  the  application  last  year,  it 
looked  for  an  off-the-shelf  report¬ 
ing  tool  before  deciding  to  build 
from  scratch. 

“We  were  finding  there  were 
solutions,  but  the  look-and-feel 
and  usability  were  not  there,” 
says  Scott  Hamerink,  project 
lead  for  Blue  Cross.  “They  did 
what  they  were  supposed  to  do, 
but  it  was  not  something  we 
could  present  to  customer,  and 
they  would  easily  understand.” 

Before  NCAT,  Hamerink  says 


there  was  no  central  process  for 
creating  the  customer  report, 
which  could  number  250  or 
more  annually.  He  estimates 
NCAT  saves  the  company  at  least 
$15,000  per  year  in  paper  costs 
and  to  have  someone  run  the 
analysis  every  day 

Even  though  Macromedia  im¬ 
proves  Flash  performance  in 
product  revisions,  developers 
have  to  be  wary  of  bloated  files 
that  take  too  long  to  download. 

When  Cinemetrix,  a  video  mar¬ 
keting  production  company 
based  in  Newton,  Mass.,  devel¬ 
oped  a  5-minute  Flash  movie  for 
UPromise,  the  college  savings 
plan,  it  used  a  custom  pre-loader 
algorithm  to  push  content  down 
to  the  viewer  as  quickly  as  possi¬ 
ble.  “We  wanted  to  make  sure 
there  are  no  pauses  and  glitches 
in  the  movie,”  says  George  Gagli- 
ardi,  CEO  of  Cinemetrix. 

To  ensure  smooth  playback, 
Cinemetrix’s  pre-loader  deter 
mines  the  speed  of  the  user’s  con¬ 
nection  and  calculates  how  much 
of  the  movie  must  be  loaded 
ahead  of  time  before  it  starts, 
much  like  how  Windows  Media  or 
RealPlayer  buffer  streaming 
media  files  before  they  start. 

Another  potential  pitfall  is  play¬ 
er  compatibility  While  the  same 
version  of  Rash  Player  runs  con¬ 
sistently  across  all  supported  plat¬ 
forms,  some  new  features  in  Rash 
MX  2004  only  might  play  in  Flash 
Player  7  and  not  the  older  (and 
still  more  prevalant)  Rash  Player 
6  technology  ■ 
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Providence 

continued  from  page  25 

able  to  physicians  can  save  us  $700,000 
per  yeafThat’s  in  addition  to  savings  Prov¬ 
idence  gets  with  its  Profile  Manager  Web 
service  introduced  two  years  ago  (see 
www.nwfusion.com,  DocFmder:  1 132). 

As  its  Web  services  effort  has  evolved, 
Providence  has  created  its  version  of  a 
service-oriented  architecture  (SOA)  built 
on  a  component  collection  that  provides 
simple  and  reusable  interfaces  for  incor¬ 
porating  patient  data  into  an  application. 

"We  feel  we  have  achieved  an  SOA  by 
being  able  to  use  the  same  integration 
across  different  lines  of  business  and  dif¬ 
ferent  customers  internal!/  Reagin  says. 
"It’s  the  first  time  that  has  happened  with 
our  integration.” 

He  says  the  SOA  is  defined  on  his  net¬ 


work  and  in  the  application  development 
process. 

The  Infravio  Ensemble  Web  services 
management  suite  orchestrates  data 
extraction  and  display  on  the  portal.  Infra¬ 
vio  and  the  Physician  Web  service  sit  on  a 
pair  of  Compaq  700  MHz  servers  that  run 
Microsoft’s  Windows  2000  Server  and 
Internet  Information  Server. That  package 
is  load-balanced  by  a  Cisco  Content 
Services  Switch  11000  and  runs  over  a 
100M  bit/sec  Ethernet  backbone. 

Infravio  secures  access  by  only  letting 
authorized  applications  running  on  auth¬ 
orized  servers  access  the  Web  services. 

“Infravio  manages  security  at  the  appli¬ 
cation  layer  rather  than  a  higher  layer,  so 
it  helped  us  provision  and  manage  secu¬ 
rity”  Reagin  says.  The  Physician  Web  ser¬ 
vice  also  uses  digital  certificates  so  only 
an  authenticated  user  can  request  infor¬ 
mation  through  the  portal.  He  says  secu¬ 
rity  is  made  easier  because  the  whole  sys¬ 


tem  runs  within  its  firewalls. 

The  overall  security  architecture  meets 
Health  Insurance  Portability  and  Account¬ 
ability  Act  regulations,  which  require 
securing  access  to  patient  data. 

On  the  development  side,  Providence 
uses  Microsoft’s  Visual  Studio  .Net  to  build 
services  that  live  on  the  network  and  can 
be  accessed  through  standard  interfaces 
based  on  XML  and  the  Simple  Object 
Access  Protocol. 

“Part  of  the  problem  was  getting  the  in¬ 
formation  in  a  semi-real-time  fashion  from 
these  different  systems  and  aggregating  it 
together  and  then  doing  the  search  and 
displaying  it  back  in  the  portal.  It’s  pretty 
difficult,”  Reagin  says.“I  think  it  could  have 
been  done  in  the  past,  but  it  would  have 
been  a  lot  more  development." 

The  reusable  Web  service  cuts  an  aver¬ 
age  of  30%  off  the  development  time  for 
new  applications  that  need  to  incorporate 
patient  data,  he  says. 


While  the  Web  service  makes  patient 
records  available  in  near  real  time  to  ER 
doctors,  it  also  lets  physicians  see  what 
sort  of  diagnosis,  tests  and  treatments  a 
patient  has  received  from  other  primary 
care  doctors.  Providence  plans  to  use  the 
Web  service  as  part  of  a  patient  service 
that  would  allow  access  to  lab  tests 
through  a  secure  messaging  system  based 
on  Web  services  developed  by  Kryptiq. 

Despite  the  progress  Reagin  has  seen,  he 
knows  there  is  more  to  come. 

“We  haven’t  used  the  full  power 
because  we  use  Web  services  only  inter¬ 
nally  and  in  a  very  limited  external  fash¬ 
ion,”  he  says.  He  says  he  hopes  other  orga¬ 
nizations  will  adopt  Web  services  and 
foster  more  business-to-business  interac¬ 
tions.  “The  true  power  of  this  is  going  to 
be  realized  when  we  can  have  other 
businesses  and  healthcare  organizations 
working  together  using  Web  services 
technology]’  he  says.  ■ 


Get  more  wireless 
connectivity  for  less. 

(Not  to  mention  more  productivity  and  flexibility.) 


SMC  Barricade  Wireless  Cable/DSL  Broadband  Router  with  FREE  PC  Card 

>  The  SMC  Barricade'"  2.4GHz  1 1  Mbps  Wireless  Cable/DSL  Broadband  Router  is  the 
ideal  net  working  solution  for  any  home  or  business  user  looking  for  a  simple,  all- 
in-one  network  product 

>  Combines  a  4-port  1 0/1 00Mbps  dual-speed  switch,  a  high  speed  1 1  Mbps  wireless 
access  point  Stateful  Packet  Inspection  (SPI)  firewall  security,  and  Virtual  Private 
Network  (VPN)  pass-through  support  into  one  convenient  device 

>  Includes  30-day  FREE  trial  version  of  ZoneAlarm®  Pro  Personal  Firewall  with 
Web  Filtering 

>  Includes  FREE  802.1 1  b  wireless  PC  Card  (a  $30  value) 
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Networks 


$59 
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$39  YOUR  PRICE 


Proxim  Tsunami  QuickBridge  11  Bundle 

>  Tsunami  QuickBridge  11  is  an  easy  to  install,  highly  reliable  dedicated  wireless 
building-to-building  connectivity  solution 

>  Pre-configured  bridges  enable  the  quick  deployment  of  an  1 1  Mbps  wireless  link 
between  networks 

>  All-in-one  box  solution  that  includes  antenna  cables,  surge  arrestors  and  high 
gain  antennas 

>  Pre-configured  for  easy  and  quick  deployment 


P  r  «  m 


$1449 

CDW  480803 


D-Link  108Mbps  Wireless  Router/PC  Card  Bundle 

>  Up  to  1 08Mbps  Wireless  Router  and  fully  compatible  to  802.1 1  g  and  802.1 1  b 

>  Integrated  4-port  switch  allows  direct  connection  of  up  to  four  computers 

>  Securely  connect  to  the  network  using  WPA  (Wi-Fi  Protected  Access)  providing 
you  a  much  higher  level  of  security  and  authentication  than  has  previously 
been  available 

>  Easy  installation 


D-Link 


5139 

-40 


CDW  577984 
MAIL-IN  REBATE' 


YOUR  PRICE 


CDW.com  •  800.399.4CDW 


Purchase  SMC  Barricade  Wireless  Cable/DSL  Broadband  Router  with  free  PC  Card  and  receive  up  to  $20  via  a  manufacturer  mail-in  rebate  Check  out  CDW.com/rebates  for  mote  information.  Offer  ends  3-31-04  ’Get  $40  via  mail-in  manufacturer  rebate  with  purchase  of  D-Link  wireless  bundles  CDW  S77984, 
569042.  S69043  or  569045,  offer  ends  3-3 1  -04  Customer  understands  that  CDW  is  not  the  manufacturer  of  the  products  purchased  by  customer  hereunder  and  the  only  warranties  offered  are  those  of  the  manufacturer,  not  CDW.  Ail  pricing  is  subject  to  change.  CDW  reserves  the  righi  to  make  adjustments 
to  pricing,  products  and  service  offenngs  for  reasons  including,  but  not  limited  to,  changing  market  conditions,  product  discontinuation,  product  unavailability,  manufacturer  price  changes  and  errors  in  advertisements  All  orders  are  subject  to  product  availability.  Therefore,  CDW  cannot  guarantee  that  it  will  be 
able  to  fulfill  customer's  orders  The  terms  and  conditions  of  sale  are  limited  to  those  contained  herein  and  on  CDWs  Web  Site  at  CDW.com.  Notice  of  objection  to  and  rejection  of  any  additional  or  different  terms  in  any  form  delivered  by  customer  is  hereby  given  O  2004  CDW  Corporation  NG'NW  3/04 


Complete  solutions 


Best  security. 


Highly  reliable 


Cost  effective 
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“Check  Point  Express  brings 


enterprise-class  security  to 
the  mid-sized  company  at  a 
price  and  performance  level 
that  meets  their  needs!’ 

Charles  Kolodgy,  Research  Director, 


Check  Point 


SOFTWARE  TECHNOLOGIES  LTD. 


We  Secure  the  Internet. 


Security  Products,  I  DC 


Secure  your  business  with  Check  Point  Express. 

Your  business  deserves  the  best  security  solution  available  today:  Check  Point  Express?  Designed  for  companies  with 
100-500  employees,  Check  Point  Express  protects  your  business  with  the  same  superior  firewall  and  VPN 
technology  that  secures  97  of  the  Fortune  100.  Yet  it’s  priced  right  for  mid-size  businesses.  With  Check  Point  Express, 
you’ll  get  performance  you  can  always  rely  on,  and  security  you  don’t  have  to  worry  about.  Its  unique  features  include 
intelligent  network  and  application-level  protection.  And  its  intuitive  interface  simplifies  every  aspect  of  security 
management.  There  is  no  better  way  to  secure  your  critical  network  resources  and  connect  remote  users  and  sites. 
See  for  yourself.  Compare  Check  Point  Express  to  competing  offerings  at  www.checkpoint.com/compareexpress. 

- -w-AiilOTk  Check  Point  Express  comes  pre-installed  on  appliances  from  Sun  and  Nokia 

..???? . .  and  runs  on  open  servers  from  Dell,  IBM,  and  other  leading  manufacturers. 
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I  first  saw  it  on  Slashdot:  A  Czech  Web 
site  reported  that  the  MSN  search  func¬ 
tion  was  blocking  searches  for  the 
string  “xfree86.”  if  true,  that  would  be  stun¬ 
ningly  pettyWell.it  was  true, but  it  looks  like 
that  is  not  all  the  butterfly’s  search  engine 
is  up  to. 

1  went  to  the  search  engine  (http:// 
search.msn.com)  to  try  for  myself, and  sure 
enough  when  1  looked  for  “xfree86”  I  got 
back  a  message  that  said: 

“You  have  entered  a  search  term  that  is 
likely  to  return  adult  content.” 

Searches  for  xfree*,  where  *  was  every¬ 
thing  from  80  to  89  other  than  86  produced 
reasonable  results  but  where  *  equaled  86 
I  got  that  same  message. 

Just  what  is  XFree86,  and  why  would  the 
overly  protective  butterfly  block  access? 
According  to  the  XFree86  Project  home 
page,  XFree86  is  “a  freely  redistributable 
open  source  implementation  of  the  X 
Window  System  that  runs  on  Unix(R)  and 
Unix-like  (like  Linux,  the  BSDs  and  Solaris 
x86  series)  operating  systems  and  OS/2.” 
That  does  not  seem  all  that  likely  to  threat¬ 
en  Microsoft’s  future,  even  if  traditionally 
“the  XFree86  Project  has  focused  on  the 
Intel  x86-based  platforms.” So  I  guess  it  was 
an  excess  of  petty  zeal  that  caused  some¬ 
one  at  MSN  to  tweak  things  in  this  way 
When  it  came  time  to  write  this  column  1 
found  out  that  it  had  not  taken  long  for  the 
Slashdot  story  to  get  the  tweak  removed. 
Searches  for  “xfree86"  now  return  almost 
230,000  responses  with  the  XFree86  Project 
home  page  as  the  top  response. 

I  tried  a  few  searches  on  MSN  search, 
Google  and  Yahoo.  Q  tried  Ask  Jeeves  but  it 
does  not  report  how  many  hits  it  gets.) 

A  few  searches  and  their  hit  counts: 
(MSN=M,  Google=G,Yahoo=Y) 

“xfree86”  —  M:  229,250;  G:  2,350,000;  Y: 
1,270,000 

“microsoft"  —  M:  21,456,004;  G: 
70,000,000;  Y:  104,000,000 
“macintosh”  —  M:  4,142,464;  G: 
1 2, 300, 000;  Y:  21,500,000 
“scott  bradner”  —  M:  5,827;  G:  23,000;  Y: 
40,600 

“bill  gates”  —  M:  60  or  802,509,  G: 
2, 650, 000;  Y:  3,750,000 
The  “60”  is  not  a  typo. The  first  few  times  I 
searched  for  “bill  gates”  1  got  60  hits.  Later, 
the  same  search  returned  more  than 
800,000.  Looks  like  the  butterfly  is  being  a 
bit  tricky. 

Based  on  these  few  tests  I’m  not  going  to 
recommend  what  search  site  you  should 
use.  But  you  can  guess  what  will  not  be  my 
default  search  site. 

For  the  past  week  or  so  the  comic  strip 
Fox  Trot  (www.ucomics.com/foxtrot)  has 
been  running  a  series  in  which  the  charac¬ 
ters  imagine  what  anti-Apple,  anti-Net- 


The  butterfly  as  protector  (or  petty  censor?) 


scape,  anti-world  special  code  might  be  in 
the  recently  leaked  Windows  source  code. 
A  corporate  environment  that  could  lead 
to  the  petty  blocking  of  searches  for  a 
potentially  competitive  product  might  just 


make  the  comic  strip  not  so  funny. 

Disclaimer:  Based  on  a  search  for 
“humor”  on  Harvard’s  home  page,  Harvard 
must  be  a  funny  place.  Not  everyone  would 
agree,  but  the  above  attempt  at  educational 


humor  is  my  own. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sob.com. 


DuPont 


Teflon 


At  DuPont,  we’ve  built  our  reputation  on  protecting  what’s  most  important. 
From  Kevlar”  bullet-resistant  materials,  to  Nomex”  fire-resistant  fabrics, 
DuPont  creates  the  materials  that  protect  what  matters  most. 

In  a  fire,  plenum  rated  data  communications  cables  can  be  one  of  the  largest 
sources  of  smoke,  causing  95%  of  IT  system  damage.  Limited  Combustible 
Cable  made  with  DuPont "  Teflon®  provides  the  highest  level  of  fire  and  smoke 
protection  available.  Specify  Limited  Combustible  Cable  made  with  DuPont" 
Teflon;  because  “Up  to  Code”  isn’t  the  same  as  “Maximum  Protection.” 

To  find  out  more,  or  to  locate  Limited  Combustible  Cable  manufacturers, 
visitTeflon.com/CablingMaterials. 

DuPont "  Teflonf  The  science  of  protection. 
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The  miracles  f  science 
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Open  source  database  improvements  grow 


■  BY  JOHN  COX 

New  open  source  databases  users  seem  to  blend  the 
fervor  of  religious  converts  with  the  hardheaded 
realism  of  IT  professionals. 

“1  needed  an  inexpensive  database  that  could  handle 
millions  of  records  and  generate  [query]  results  in  as 
short  a  time  as  possible,” says  Rich  Allen,  voice/data  traffic 
coordinator,  at  Matanuska  Telephone,  an  independent 
telco  in  Alaska. 

He  replaced  flat  text  files  and  the  Filemaker  application 
with  an  open  source  version  of  MySQL. 

“In  addition  to  being  free,  and  robust  enough.it  is  also 
the  most  stable  application  I  have  ever  used, ’’Allen  says. 
“MySQL  is  running  on  a  dozen  different  Mac  OS  X  servers 
and  has  never  failed  in  the  three  years  I've  been  using  it.” 

The  open  source  software  is  taking  care  of  the  most  crit¬ 
ical  data  for  the  telco:  subscriber  inventory  for  each  of 
52,000  access  lines,  billable  call  record  data  and  traffic 
logging. 

Allen’s  experience  is  typical.  Open  source  databases 
often  still  are  used  in  specialized  niches.  But  they  are 
important,  even  vital,  niches  for  a  growing  number  of  cor¬ 
porations:  Web  portals,  e-commerce  applications,  high¬ 
speed  Web  searching,  content  management,  and  most 
recently,  data  warehouse  reporting. 

Consider  what’s  happened  with  these  databases: 

•  Use  of  MySQL  grew  more  than  30%  in  2003,  according 
a  database  survey  by  Evans  Data.  In  the  same  period,  use 
of  Microsoft  SQL  Server  and  Access  grew  just  6%. 

•  FbstgreSQL  7.5,  due  out  around  June,  will  run  on 
Win32  platforms  for  the  first  time,  offer  a  passel  of  perfor¬ 
mance  improvements,  partition  data  more  efficiently  and 
might  include  support  for  two-phase  commit,  which  is 
vital  for  transaction  processing. 

•  MySQL  next  month  will  unveil  new  software  to  cluster 
database  servers, so  applications  keep  running  if  one 
server  fails. 

•  February  saw  the  release  of  Version  1.5  of  Firebird, 
which  is  based  on  Borland’s  short-lived  public  release  of 
the  venerable  Interbase  source  code  in  2000.  A  key 
change  is  shifting  the  code  to  C++  in  preparation  for  an 
array  of  enterprise-related  improvements  being  ham¬ 
mered  out  for  Firebird  2.0. 

A  nice  mix 

The  mix  of  developers,  consultants  and  some  vendors 
in  the  communities  that  create  and  extend  these  databas¬ 
es  are  moving  between  adding  features  that  make  these 
open  source  applications  more  reliable,  and  trying  to 
avoid  the  panoply  of  elements  that  make  commercial 
databases  such  as  Oracle  or  Microsoft  SQL  Server  com¬ 
plex  and  demanding. 

Increasingly,  these  databases  are  being  seen  as  part  of  a 
package,  or  stack,  of  open  source  software  that  can  create 
an  application  infrastructure  for  corporations.The  initial 
version  of  the  stack  was  dubbed  lAMRfor  the  Linux  oper¬ 
ating  system,  the  Apache  Web  server,  the  MySQL  database, 
and  either  PHR  Python  or  Perl  as  the  development  lan¬ 
guage.  PostgreSQL  boosters  have  been  promoting  what 
they  call  a“brighter  LAMP.”  which  is  Linux,  Apache,  mid¬ 
dleware  (such  as  Java  application  servers  and  messag¬ 
ing)  and  PostgreSQL. The  effort  reflects  the  consensus  that 


Open  source  databases 
slowly  gain  adherents 

Percent  of  respondents  who  use,  or  expect 
to  use,  an  open  source  database  in  the 
coming  year  for: 

An  in-house 
database 
project 

Do  not  use, 
nor  expect 
to  use 

A  commercial 
product 

An  embedded 
application 

A  backend 
to  wireless 
application 

This  question  was  answered  by  536  corporate  database  users, 
in  small  to  large  companies,  during  a  December  2003  survey. 

Users  were  allowed  more  than  one  response. 

SOURCE:  EVANS  DATA 

V _ _ _ _ _  ' 

PostgreSQL  is  better  suited  to  large-scale,  high-volume 
applications. 

“Smaller  companies  want  a  simple  [application]  solu¬ 
tion,  with  no  licensing  fees,  which  they  can  get  up  and 
running  quickly” says  Fred  Moyer,  a  founder  with  his  part¬ 
ner  of  Redhotpenguin.com,  a  consultancy  specializing  in 
open  source  database  applications  based  on  PostgreSQL. 
The  open  source  stack  lets  him  do  all  that,  and  he  can 
deploy  ready-to-use  application  modules,  written  in  Perl, 
from  sites  such  as  Cpan.org. 

Moyer  is  working  with  a  few  large  companies  that  are 
evaluating  PostgreSQL  as  a  potential  replacement  for 
some  of  the  Oracle  databases  they  currently  use.“Not 
everything  they  need  is  there  yet  [in  PostgreSQL] he 
says.“But  it  will  be  during  the  next  six  to  24  months.” 

The  Robert  Frances  Group,  a  market  research  firm, 
recently  completed  a  study  on  ROI  for  Linux  deploy¬ 
ments  in  corporations.“We  found  that  application  ‘own¬ 
ers’  are  more  willing  to  look  [farther]  up  the  stack  for 
open  source  deployments,  to  consider  application  servers 
and  databases,”  says  Chad  Robinson,  senior  business  ana¬ 
lyst  with  the  firm. 

It’s  easier  to  treat  open  source  databases  as  part  of  a 
software  infrastructure  because  developers  are  adding 
the  features  needed  for  that  role. 

MySQL,  the  U.S.arm  of  MySQL  AB  in  Sweden,  will 
release  next  month  at  its  annual  user  conference  details 
of  new  database  clustering  software. The  company  just 
acquired  the  software  from  Ericsson,  which  had  started 
the  project  to  let  applications  riding  its  cellular  hardware 
shift  from  a  failed  database  server  to  a  backup  without 
losing  data  or  crashing. 

The  clustering  software  will  be  an  additional  product 
from  the  company,  and  like  the  MySQL  database  itself  will 
be  available  either  under  an  open  source  license,  the 


GNU  General  Public  License  or  under  a  commercial 
license. 

The  new  software  is  part  of  an  effort  to  make  the 
MySQL  database  indispensable  in  critical  applications, 
such  as  online  air  ticket  fare  searching  as  users  search 
Sabre  Holdings  and  Travelocity'Jt  will  cause  people  to 
look  at  MySQL  in  a  whole  different  light,” says  Zack 
Urlocker,  vice  president  of  marketing  for  MySQL. 

In  the  past  year,  the  database  has  added  support  for 
transactions  and  stored  procedures  and  other  enterprise 
features,  all  of  which  have  been  standard  on  commercial 
products  for  years. 

PostgreSQL  7.5  is  due  out  this  summer,  with  the  major 
change  being  a  port  for  Win32-based  operating  systems, 
says  Josh  Berkus,  one  of  five  members  of  the  FbstgreSQL 
Core  Team  that  acts  as  project  administrators  for  the 
development  work.  Currently  the  database  only  can  run 
on  Windows  operating  systems  via  an  emulator,  which 
limits  access  to  a  range  of  operating  system  features. 

PostgreSQL  traces  its  roots  to  Ingres  database  project  at 
the  University  of  California  at  Berkeley  in  the  mid-1980s. 

Other  changes  in  7.5  will  include: 

•  A  new  memory  management 

algorithm  to  boost  performance  for  big  databases  with 
lots  of  user  activity 

•  Table  spaces  to  simplify  storing  data  in  specific  disk 
location,  called  partitions,  which  lets  you  create  big  data¬ 
bases  that  still  have  fast  performance. 

•  Two-phase  commit,  which  controls  updates  to  two  or 
more  database  at  once  during  an  online  transaction. 

Firebird  1.5  shifts  the  source  code  from  C  to  C++,  along 
with  a  big  cleanup  of  the  code,  new  memory  manage¬ 
ment  improvements  and  numerous  bug  fixes.  Another  big 
change  has  been  several  enhancements  to  the  SQL  query 
optimizer.  Users  report  queries  now  run  30%  to  60%  faster, 
and  in  some  cases  even  faster. 

Speed,  simplicity 

Users  on  the  Sourceforge.net’s  Firebird  site  and  other 
Internet  sites  report  they  like  the  compact  size  of  the 
database,  its  support  for  Java,  its  speed,  its  simplicity  and 
its  straightforward  installation  on  Win32  computers. 

The  new  release  is  the  foundation  for  what  is  expected 
to  be  substantial  innovations  inversion  2.0, especially  in 
performance  and  security.  Users  are  pushing  for  better 
support  for  symmetrical  multiprocessor  servers  and 
expanded  SQL  operations. 

Many  of  these  changes  have  long  been  standard  fea¬ 
tures  of  the  commercially  licensed  databases.  User  appli¬ 
cation’s  requirements  determine  which  open  source  data¬ 
base  to  use,  or  even  whether  to  use  one  at  all. 

Compiere  is  an  open  source  ERP/CRM  suite,  which  has 
stayed  in  the  top  10  list  of  most  downloads  for  a  good 
part  of  the  past  two  years  at  Sourceforge.net,  a  Web  site 
for  open  source  development  projects.There  have  been 
more  than  630,000  Compiere  downloads,  according  to 
Jorge  Janke.one  of  the  Compiere  project  administrators. 

But  the  suite  is  not  wedded  to  an  open  source  database. 
The  Compiere  team  ran  into  some  limitations  in  its  first 
effort  to  make  the  software  work  with  FbstgreSQL,  he 
wrote  in  an  email.  MySQL  lacked  a  feature  set  the  devel¬ 
opers  deemed  necessary  The  goal  now  is  to  make 
Compiere  “database  independent,”  he  wrote.* 
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N+1  UPS 

Scalable,  modular  and 
manageable  UPS  with  N+1 
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1U  appliance  +  1U  24-post 
hub  provide  remote  man¬ 
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through  a  single  IP  address. 
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Monitoring 
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routing  allows  for 
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NetworkAIR”  FM 

Modular  floor  mount 
precision  air  conditioning 
for  environmentally  sen¬ 
sitive  equipment  areas. 
Multiple  installation 
choices:  in-row  (shown), 
down  flow  air  discharge 
(raised  floors),  up  flow 
(single  rows). 


PDU  with 
System  Bypass 

Rack-optimized  design 
with  configure-to-order 
multi-branch  whips  to 
speed  installation. 


[power  routing] 


InfraStruXure ” :  Deploy  quickly.  Pay  as  you  grow. 


5Cu 


Infrastructure 


POWER  RACK  COOLING 


On-demand  architecture  for  network- 
critical  physical  infrastructure 


An  on-demand  architecture  for  network- 
critical  physical  infrastructure  (NCPI*), 
InfraStruXure™  speeds  the  specification, 
design,  and  installation  of  IT  environments. 


Using  a  Web-based  configuration  tool  to  simplify  the  design 
process  and  a  configure-to-order  approach,  InfraStruXure's 
rack-based,  standardized  modules  provide  you  with  a  pre-tested, 
integrated  system  that  assembles  in  a  matter  of  hours. 

APC  InfraStruXure  is  built  for  speed  and  more:  system  resiliency, 
lower  cost,  higher  availability.  So,  if  you're  looking  to  deploy  your 
servers  in  days,  look  no  further  than  InfraStruXure. 


For  more  information,  visit  us  today  at  www.apc.com. 

*NCPI  is  the  foundation  of  highly  available  networks,  and  consists  of  power,  power  distribution,  racks, 
cabling,  cable  distribution,  cooling,  cooling  distribution,  integrated  services,  and  management  strategy. 


BEFORE 


Equipment  Racks 


Batteries 


UPSs 


AFTER 


InfraStruXure  Architecture 


Traditional  data  centers  are 

built  out  for  future  capacity  and 
require  a  large  amount  of  floor 
space  that  could  be  otherwise 
utilized.  High  power  density  racks 
create  dangerous  hot  spots. 


InfraStruXure  "  lets  you  build  out 
capacity  only  as  it's  required.  Save 
up  to  50%  CapEx  and  20%  OpEx)* 
and  reclaim  an  average  of  20%  usable 
space.  InfraStruXure  delivers  cooling 
directly  where  it  is  needed,  eliminating 
dangerous  hotspots. 


*  Representative  savings  based  on  projected  power  infrastructure  built-out 
costs  and  estimated  service  cost  per  unit.  Actual  savings  may  vary. 
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Legendary  Reliability” 


Unleash  Linux! 


We  see  flexibility  as  a  key  to  growth.  And  the  key 
to  flexibility?  Open,  industry-standard  systems. 
That’s  why  more  businesses  are  choosing  HP  systems 
to  run  Linux.  Over  5,000  experts  are  helping  our 
customers  use  Linux  to  support  business-critical 
processes.  We’ve  also  partnered  with  companies 
like  BEA,  Oracle  and  SAP  to  ensure  your  entire 
business  can  stay  flexible.  The  result?  You’ll  be 
ready  for  the  changes  of  tomorrow. 
www.hp.com/info/linux 


Guglielmo  Marconi  did  RF  well. 

But,  in  Wireless  LAN  Systems,  no  one  does  RF  as  well  as  Airespace. 


Airespace  believes  it's  essential  for  a  Wireless  LAN  system  to 
dynamically  monitor  for  noise,  interference,  and  rogues  -  without 
extra  access  points  being  required.  The  missing  piece  for 
Wireless  LAN  performance  is  the  ability  to  change,  to  adapt 
dynamically  to  the  wireless  environment  -  and  to  do  it  without 
hiring  a  lot  of  RF  engineers  into  your  enterprise. 

With  an  Airespace  Wireless  LAN  System,  the  network  remains  in 
service  without  any  noticeable  performance  degradation,  even 
when  dynamic  power  control,  channel  assignment  and  load 
balancing  are  keeping  your  network  optimized.  So  there  are  no 
network  outages  when  you  are  placing  a  phone  call  across  an 
Airespace  network.  Ever. 


And  Airespace's  network  management  system  provides  a  total 
view  of  the  entire  RF-domain  allowing  you  to  generate  reports, 
view  and  monitor  real  events,  and  manage  your  entire  Wireless 
LAN  network.  We  can  also  detect  RF  attacks  on  your  network 
and  "blacklist"  questionable  users. 

With  Airespace,  the  RF  engineer  comes  in  the  system. 

Find  out  more  about  Airespace's  Wireless  LAN  Systems  RF  capa¬ 
bilities  by  logging  on  to  our  web  site,  www.airespace.com/RF 
because  no  one  does  RF  like  Airespace. 
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IPass  spreading  its  Wi-Fi  wings 


■  BY  DENISE  PAPPALARDO 

Global  service  provider  iPass  has  more 
than  doubled  the  reach  of  its  wireless 
LAN  network  through  an  agreement  with 
T-Mobile. 

As  of  last  week,  iPass  Corporate  Access 
customers  can  connect  to  their  VPN  over 
any  of  T-Mobile’s  4,200  hot  spots  through¬ 
out  the  U.S.That  brings  iPass’  number  of  hot 
spots  available  to  business  users  up  to 
7,800  in  24  countries. 

IPass  and  T-Mobile  first  announced  their 
agreement  in  December.  Since  then,  iPass 
has  been  testing  and  integrating  T-Mobile’s 
hot  spots  into  its  access  point  network. 

IPass  is  aggressively  expanding  the  reach 


■  AT&T  has  inked  a  five-year,  $27  mil¬ 
lion  deal  with  The  Sports  Authority. 

The  carrier  is  providing  local,  long-dis¬ 
tance  voice,  data,  video  and  IP  ser¬ 
vices  to  the  national  sporting  goods 
retailer,  linking  its  385  stores  in  45 
states.  AT &T  says  The  Sports  Auth¬ 
ority  will  use  its  new  network  infra¬ 
structure  to  support  an  inventory-con¬ 
trol  system  and  disaster- recovery  sup¬ 
port  to  all  locations.  AT &T  also 
announced  a  three-year,  $3.6  million 
deal  with  CareCore  National,  an 
outpatient  diagnostic  imaging  services 
organization.  AT&T  is  providing  local, 
long-distance  voice,  data  and  IP  ser¬ 
vices  to  the  company's  call  centers, 
which  support  20  million  customers. 

■  Corvis,  the  parent  company  of 
Broadwing  Communications,  an¬ 
nounced  last  week  that  it  plans  to 
acquire  competitive  local  exchange 

carrier  Focal  Communications  for 

$210  million.  Focal  provides  local  voice 
and  data  services  to  business  users  in 
24  markets.  Corvis  plans  to  integrate 
Focal's  local  presence  with  Broad¬ 
wing's  long-haul  data  network,  thereby 
reducing  Broadwing's  dependency  on 
incumbent  local  carriers  in  certain 
markets.  Corvis  says  it  expects  Focal 
to  report  2003  year-end  revenue  of 
about  $320  million. 


of  its  Wi-Fi  service,  says  Anurag  Lai,  vice 
president  of  business  development.  “We 
launched  the  service  with  about  400  hot 
spots.  .  .  .  and  now  we’re  at  7,800  with 
T-Mobile,”  he  says. 

The  company’s  Wi-Fi  service  is  part  of  its 
iPass  Corporate  Access  offering.  It’s  a 
remote-access  service  that  spans  the  world 
and  multiple  technologies.  While  most 
iPass  customers  still  use  its  dial-up  service, 
they  have  the  choice  of  DSL,Wi-Fi  or  broad¬ 
band  Ethernet  access  at  hotels. 

“Customers  use  the  same  client  software 
to  access  their  corporate  network  regard¬ 
less  of  access  technology  or  geographic 
location.  We  offer  robust  seamless  integra¬ 
tion  to  our  clients.  We’re  not  a  fly-by-night 
network,”  Lai  says. 

While  iPass  offers  an  expansive  world¬ 
wide  reach,  its  network  is  entirely  made  up 
of  other  carrier’s  networks  tied  together  by 
iPass  software. 

Other  service  providers  such  as  Boingo 
Wireless  and  Gric  Communications,  exclu¬ 
sively  on  the  Wi-Fi  front,  also  have  estab¬ 
lished  aggregator  networks,  although  nei¬ 
ther  sells  directly  to  businesses.  Fiberlink 
Communications,  on  the  other  hand,  uses 
Boingo’s  network  of  hot  spots  to  offer  an 
integrated  VPN  service  that’s  most  directly 
comparable  to  the  iPass  offering,  says 
Pyramid  Research  analyst  John  Yunker. 

Fiberlink  and  iPass  each  offers  software 
that  lets  users  easily  integrate  their  VPN 
client, Yunker  says.“Fiberlink  has  taken  the 
lead  with  a  more  user-friendly  client,  but 
iPass  has  made  some  great  strides,”  he  says. 

Underwriters  Laboratories  in  North¬ 
brook,  111.,  is  pleased  with  the  service. About 
3,000  of  the  company’s  6,000  employees 
use  the  iPass  Corporate  Access  service  to 
connect  to  their  VPN  from  around  the 
world,  says  Scott  Kinsella,  director  of  cor¬ 
porate  IT  services  at  the  nonprofit.  Under- 
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writers,  an  independent  product  safety  test¬ 
ing  and  certification  organization,  teamed 
with  iPass  about  a  year  ago. 

In  the  past  six  months  the  company  has 
aggressively  deployed  Wi-Fi-ready  laptops 
so  users  have  the  choice  of  connecting 
via  dial-up,  DSL  or  wireless  LAN  (WLAN) 
service. 

“Only  10%  of  our  users  are  wirelessly 
enabled  at  this  time,  but  we  see  it  as  a  fast 
growing  service,”  he  says.  “In  the  past  it 
didn’t  make  sense  to  upgrade  all  of  the 
laptops  [with  WLAN  modems]  because 
there  wasn’t  much  availability!’  Now  Wi-Fi 
support  is  a  standard  component  of  all 
new  company  laptops,  he  says. 

Underwriters  used  AT&T  Global  Net¬ 
work  services  before  switching  to  iPass, 
Kinsella  says.  “We’re  pleased  with  the 
change.  We  have  saved  hundreds  of  thou¬ 
sands  on  cost,  and  [iPass]  provides  a 
much  broader  footprint,”  he  says.  ■ 


■  BY  GRANT  GROSS 

Satellite  service  provider  Hughes  Net¬ 
work  Systems  is  throwing  its  weight  behind 
an  open  standard  used  to  transmit  satellite 
broadband  signals  called  IP  over  Satellite. 
It  is  an  open  standard  Hughes  developed 
and  on  which  its  DirectWay  Internet  access 
service  is  based. The  Telecommunications 
Industry  Association  also  ratified  the  speci¬ 
fication  late  last  year. 

According  to  a  white  paper  Hughes  pub¬ 
lished,  the  open  standard  “specifies  the  lay¬ 
ered  architecture  and  protocols  for  the 
transmission  of  IP  packets  between  a  cen¬ 
tral  hub  station  and  remote  satellite  termi¬ 
nals  using  standard  Ku-band  .  .  .  geosyn¬ 
chronous  satellites.” 

IPbS  is  compatible  with  all  IP  services 
such  as  videoconferencing,  VoIP  VPN,  Web 
browsing  and  Wi-Fi.  IPoS  is  used  on  about 
300,000  satellite  terminals  that  Hughes 
has  sold. 

Earlier  this  month,  Hughes  announced 
that  it  was  forming  the  IFbS  Forum  to  pro¬ 
mote  the  standard’s  adoption.  Company 
officials  say  it  is  important  for  the  satellite 
industry  to  encourage  development  of  an 
open  satellite  broadband  standard. 

Most  satellite  broadband  providers  have 


Cost  of  Wi-Fi 

It  can  be  difficult  to  figure  out 
how  much  you  might  pay  for  the 
iPass  Corporate  Access  Wi-Fi 
service.  This  example  might  help: 


Number  of  Wi-Fi  users 

300 

Average  number  of 
sessions  per  user, 
per  month 

5 

Total  number  of 
sessions  per  month 

1,500 

Average  Wi-Fi 
connection  time 

38  minutes 

Total  minutes  of  use 

57,000 

Average  per-minute 
price 

12  cents 

Monthly  service  fee 

$6,840 

SOURCE:  IPASS 

been  using  proprietary  technology  in 
their  satellite  systems, says  Pradman  Kaul, 
chairman  and  CEO  of  Hughes.  “This  has 
led  to  systems  that  do  not  talk  to  each 
other!’ 

IPoS  is  not  the  only  broadband  satellite 
standard  available.  The  digital  video 
broadcast  —  return  channel  via  satellite 
(DVB-RCS)  standard,  created  through  an 
organization  called  the  DVB  Forum,  is 
also  an  open  standard  that  allows  two- 
way  communication  with  satellites. 
Hughes  officials  say  DVB-RCS  could  be 
developed  further,  but  they  promoted 
IFbS  as  the  only  interface  specifically 
designed  for  efficient  delivery  of  broad¬ 
band  satellite  services. 

The  company  says  it  will  license  some 
of  its  intellectual  property  related  to  IPoS 
royalty-free  to  other  companies  working 
on  IPoS-related  products.  Hughes  has 
lined  up  support  for  IPoS  from  several 
technology  companies,  including  HRlntel 
and  Microsoft.  No  other  satellite  broad¬ 
band  vendors  are  on  board  yet,  but 
Hughes  officials  expect  significant  inter¬ 
est  in  IPbS. 

Gross  is  a  correspondent  with  the  IDG 
News  Service’s  Washington,  D.C,  bureau. 


Hughes  pushes  satellite 
broadband  standard 
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EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


Maybe  it’s  the  depressing  weather:  In 
much  of  the  U.S.,  it’s  gray  and  dis¬ 
mal,  without  even  a  hint  of  spring. 
Or  maybe  it’s  the  drumbeat  of  IT  jobs  get¬ 
ting  outsourced  to  India,  highlighting  the 


commoditization  of  tech  skills. Or  possibly 
it’s  that  former  WorldCom  CEO  Bernie 
Ebbers  finally  got  indicted  for  fraud  —  but 
too  late  to  save  the  company  that  he  man¬ 
aged  to  destroy  out  of  misguided  ego, 


greed  and  a  lust  for  power. 

Whatever  it  is,  I’ve  lately  heard  several 
folks  voice  sentiments  of  loss  and  disil¬ 
lusionment. 

Researchers  who  were  active  in  the 
early  days  of  the  IETF  tell  me  they  miss 
the  time  when  six  weeks  of  focused  effort 
could  result  in  standards  that  made  a  dif- 
ference.“What  we’re  pining  for  is  a  way  to 
do  cool  and  fun  things,  to  do  them  rela¬ 
tively  quickly  and  in  the  way  that  we  feel 
is  best  —  and  then  have  it  change  the 
world,”  writes  one. 

A  fellow  writer  confessed  disappoint¬ 
ment  upon  learning  of  Ebbers’  indict¬ 
ment:  “1  expected  to  feel  happy  about  the 
fact  that  justice  was  finally  served  —  but 
instead  it  was  just  a  letdown.” 

So  what’s  up?  Are  we  collectively  under 
the  weather,  or  is  this  truly  the  end  of  an 
era?  Was  there  a  brief  shining  “Age  of 
Innocence”  when  idealistic  techies  were 
able  to  change  the  world,  before  greed- 
heads  and  hucksters  hijacked  their  ideas 
for  politics  and  profit?  Is  that  age  over 
for  good? 

I’ll  give  the  time-honored  consultant 
response:  Yes  and  no.  Yes,  things  were  dif¬ 
ferent  in  1994,  back  before  most  politi¬ 
cians  or  CEOs  had  heard  of  the  Internet. 
Techies  were  able  to  change  the  world  — 
and  were  honored  for  it.  It  happened. That 
age  was  real. 

But  no,  I  don’t  think  this  is  the  end.  The 
wonderful  thing  about  technical  innova¬ 
tion  is  that  it’s  perennial. 

Researchers  in  labs  in  the  U.S.  and 
abroad  are  working  on  new  technologies 
that  will  change  the  world  —  again. 
They’re  exploring  grid  computing,  virtual¬ 
ization,  real-time  databases  and  applica¬ 
tion  communication  technologies  that 
are  revolutionizing  system-to-system  com¬ 
munications. 

Open  source  development  is  coming 
into  its  own.  And  inside  corporations,  IT 
executives  are  brewing  up  some  of  the 
best  and  most  innovative  homegrown 
applications  I’ve  seen  in  a  decade. 

Yes,  the  1980s  and  1990s  were  a  rare  and 
special  time  for  computing  and  commu¬ 
nications.  But  so  were  the  1970s.  And 
1960s. And  1950s  and  ....Get  the  picture? 
Spring  always  returns  —  even  after  the 
longest  winter.  While  no  two  springs  are 
ever  exactly  the  same,  they  all  hold  the 
promise  of  new  things  unfolding.  So  don’t 
give  in  to  the  winter  doldrums  —  keep 
your  eye  on  the  unfolding  next  new  tech 
adventure. 

A  brief  correction:  In  my  last  column,  I 
wrote  that  the  AT&T  Wireless  sale  would 
“fatten  up  AT&T’s  cash  reserves.” 

AT&T  benefits  from  reclaiming  its 
brand  but  doesn’t  get  the  cash.  AT&T 
Wireless  was  entirely  spun  off  from  AT&T 
in  2001. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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Deploy  Ethernet  services 

to  your  business  customers  with 
MRV's  wide  range  of  Ethernet 
Service  "Demarcation  products. 


Keep  your  network  secure 

with  MRV's  secure,  remote  console 
and  power  management  solutions. 


Transport  gigabits  of  data 

with  MRV's  WDM  solutions  -  extend 
the  life  of  your  fiber  with  our  broad 
line  of  media  converters  and  repeaters. 


MRV  has  been  a  pioneer  in  Ethernet  Access,  Optical  Transport,  and 
Management  &  Control  solutions  for  over  15  years.  World-class 
companies  choose  MRV  for  unlimited  connectivity  options. 
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NETGEAR 


FSM7326P 

Layer  3  Power-over-Ethernet  Managed  Switch 


Managed  Layer  3  Gigabit  Switches 


GSM7324  24-port 


GSM7312  12-port 


Managed  Layer  2  Gigabit  Switches 

Omm — I,  i  -f 


GSM712F  12-port 


Managed  Stackable  10/100  Mbps  Switch 


FSM750S  48-port 


has  the  proof. 


Budget  proof. 

Why  spend  nearly  $100  a  port  for  one  of  our  competitor's  switching  solutions 
when  you  can  own  a  NETGEAR®  FSM7326P  24+2  Layer  3  Power-over- Ethernet 
managed  switch  for  just  $46  a  port?  Or  pay  just  $1 1  8  a  port  for  the  NETGEAR 
GSM731  2  1  2-port  Layer  3  Gigabit  switch  where  others  are  priced  at  $235  a  port, 
a  whopping  50%  savings  over  competitive  solutions. 

Hassle  proof. 

With  the  FSM7326P,  you'll  get  a  fast  switch  with  Gigabit  speeds,  VLAN  and  subnet 
segmentation,  advanced  bandwidth  management  and  a  migration  path  to  VoIP 
and  wireless  networking.  You'll  get  a  switch  that's  hassle  proof,  ready  to  work  out 
of  the  box  and  easy  to  use.  Standards-based,  NETGEAR  managed  switches  are 
also  future  proof,  able  to  integrate  seamlessly  at  every  level,  so  you  can  easily  grow 
current  networks  and  accommodate  new  ones. 

Bullet  proof. 

Since  1996,  the  reliability  and  flexibility  of  NETGEAR  switches  have  enabled  higher 
performance  and  dependability  in  networks  across  the  globe.  Whether  you're 
planning  for  rapid  expansion  or  need  to  implement  fast  changes  to  meet  unexpected 
demands,  NETGEAR  offers  a  wide  choice  of  switches  from  unmanaged  Fast  Ethernet 
up  to  the  latest  Layer  3  Gigabit  solutions. 


Proof  positive  NETGEAR  is  the  choice  for  you. 

More  proof  — a  FREE  Palm®V. 

Get  a  Palm  V  with  the  purchase  of  any  of  the  NETGEAR 
managed  switches  listed  on  the  left,  including  FSM7326P, 

GSM731 2,  GSM7324,  GSM71 2,  GSM71 2F  and  FSM750S. 

This  offer  ends  June  30,  2004.  Plus,  you  can  register  for  a  FREE  white  paper 
on  managed  switching. 

Go  to  http://www.netgear.com/go/euadmswitch. 

To  learn  more  about  NETGEAR's  entire  range  of  business-class  switch, 
wireless  and  security  networking  products,  call  your  local  reseller  or  visit 
www.netgear.com/where_to_buy.html  to  find  a  location  near  you. 
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The  Company  That  Wired 
the  Network  Now  Unwires  It 


Introducing  the  3Com ®  Suite 
of  802.11  Wireless  Solutions 


Imagine  untethered  network  and  Internet  access  from  anywhere  in  your  home  or 
office.  3ComR  brings  freedom  of  choice  to  wireless  with  one  of  the  most  comprehensive 
wireless  networking  suites  on  the  market  today. 


3Com®  OfficeConnect® 
Wireless  11  a/b/g  PC  Card, 
1 1  g  Gateway 


3Com  wireless  products  come  in  a  variety  of  price  points  and  are  scalable  from  home 
and  small  office  to  enterprise  solutions.  Our  OfficeConnect®  line  for  home  and  small 
offices  is  among  the  first  to  ship  with  the  latest  802. llg  standards  and  new  256-bit 
Wi-Fi  Protected  Access  (WPA)  encryption  security. 

Our  enterprise-class  products  include  an  lla/b/g  PC  Card  with  patented  XJACK® 
antenna  and  dual-mode  upgradeable  access  points  that  offer  you  the  freedom  to  mix 
and  match  802.11  a,  b,  or  g  standards  to  meet  different  coverage  and  bandwidth 
needs,  and  featuring  the  latest  suite  of  security  standards  enabling  customers  to 
match  the  level  of  security  to  their  specific  environments. 

Best  of  all,  every  3Com  wireless  product  is  backed  by  nearly  30  years  of  Ethernet 
networking  expertise. 

Feel  free  to  unwire  your  office.  Visit  www.3com.com/wireless  today  to  find  the 
3Com  wireless  solution  that  works  best  for  you. 
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FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 


Linksys  boosts  WLAN  speeds 

SpeedBooster  products  call  into  question  competitors’  use  of  proprietary  technologies  in  802.11  standard. 


Good  neighbor,  bad  neighbor 


Because  SpeedBooster  uses  only  one  channel,  three  nearby  networks 
can  coexist  without  interference,  so  long  as  they  each  use  a  different 
channel,  1, 6  and  11.  But  if  one  of  the  three  networks  uses  Super  G,  it  must 
use  Channel  6  and  will  hog  parts  of  channels  1  and  11,  severely  impeding 
the  performance  of  its  neighbors. 

SpeedBooster 


Channel  1 


Channel  6 


Channel  11 


■  BY  TONI  KISTNER 

Linksys  this  week  announced  a  line  of 
802. 1  lg  gear  that  the  company  says  signifi¬ 
cantly  boosts  wireless  LAN  speeds  without 
the  use  of  proprietary  technology.  Speed- 
Booster.  an  extension  of  the  802.1  lg  stan¬ 
dard,  increases  performance  by  35%  on  a 
Speed  Booster-only  network,  and  up  to  20% 
when  used  with  standard  802.1  lg  prod¬ 
ucts,  Linksys  says. 

The  move  is  in  response  to  the  success 
small  office/home  office  network  rivals 


■  Vonage  recently  announced  that 
Circuit  City  would  begin  selling  its 
broadband  telephony  starter  kit.  The 
Vonage  package,  essentially  a  con¬ 
verter  box  that  connects  to  a  broad¬ 
band  router  and  analog  phone  line, 
lets  users  make  local,  toll  and  domes¬ 
tic  long-distance  telephone  calls  over 
the  Internet  for  a  flat  monthly  fee. 
Standard  features  include  caller  ID, 
call  waiting,  voice  mail,  call  forward¬ 
ing  and  emergency  calling.  Other  fea¬ 
tures  include  the  ability  to  check  voice 
mail  over  the  phone  and  online,  and 
the  ability  to  choose  any  area  code, 
regardless  of  location.  The  starter  kit 
costs  $99;  monthly  services  start  at 
$15  for  residential  customers  and  $50 
for  small  businesses. 

■  Citrix  recently  completed  its  acqui¬ 
sition  of  Expertcity,  announced  last 
December.  Citrix  paid  about  $225  mil¬ 
lion  for  the  company  in  an  even  mix  of 
cash  and  stock.  The  acquisition  ex¬ 
pands  Citrix's  enterprise  server-based 
remote-access  products  to  include 
Expertcity's  consumer-focused, 
browser-based  GoToMyPC  desktop 
remote-access  product  and  its  GoTo- 
Assist  tech  support  and  collaboration 
product.  Expertcity  still  will  operate 
out  of  its  Santa  Barbara,  Calif.,  offices 
as  the  Citrix  Online  Division,  with  for¬ 
mer  president  Andreas  von  Blottnitz 
serving  as  president. 


Netgear  and  D-Link  Systems  are  having 
with  Super  G,  a  wireless  chip  technology 
developed  by  Atheros.  Super  G  uses  a  pro¬ 
prietary  technique  called  “channel  bond¬ 
ing”  to  achieve  108M  bit/sec-rated  speeds 
when  used  with  similar  equipment. 

Netgear  and  D-Link  started  selling  Super 
G  gear  last  year;  Netgear  says  Super  G 
makes  up  about  30%  of  its  802.1  lg  equip¬ 
ment  sales.  Touting  a  standards-only 
approach,  Linksys  has  resisted  and  seen  a 
slight  drop  in  WLAN  market  share  —  from 
56.59%  in  December  2003  to  53.13%  in  Jan¬ 
uary  2004  —  to  sales  of  competitors  faster 
equipment. 

Chip  vendors  such  as  Atheros  and 
Conexant  have  developed  higher-speed 
wireless  products  powered  by  a  mix  of 
standards-based  technology  and  propri¬ 
etary  techniques  such  as  packet  bursting, 
hardware  encryption,  and  most  notably, 
channel  bonding.  The  development  is 
because  the  IEEE’s  802.1  In  standard, 
which  is  expected  to  get  100M  bit/sec 
speeds,  is  at  least  a  year  away  and  to  meet 
the  performance  demands  of  emerging 
entertainment  networks. 

However,  such  products  only  achieve 
higher  speeds  when  they  communicate 
with  other  similar  products,  which  flies  in 
the  face  of  the  Wi-Fi  Alliance’s  push  to 
ensure  all  Wi-Fi  products  interoperate.  The 
group  has  certified  products  using  Super  G 
and  others  for  interoperability,  but  only  in 
standard  54M  bit/sec  mode.  The  Wi-Fi  Alli¬ 
ance  says  it  will  not  certify  any  vendor’s 
108  mode  or  any  proprietary  mode. 

D-Link  and  Netgear  use  the  same  Atheros 
Super  G  chip,  but  whether  their  products 
interoperate  isn’t  clear.  D-Link  says  they  do. 
Netgear  says  its  customers  say  they  do  but 
Netgear  won’t  support  interoperability  with 
D-Link  Super  G.  Atheros  says  they  interop¬ 
erate;  rival  Broadcom,  which  developed 
the  technology  on  which  SpeedBooster  is 
based, says  they  do  not. 

But  the  biggest  problem  with  Super  G 
isn’t  the  lack  of  interoperability:  It’s  the  use 
of  channel  bonding. Network  World  colum¬ 
nist  Kevin  Tolly  of  The  Tolly  Group  con¬ 
ducted  tests  (which  Broadband  commis¬ 
sioned)  in  December  that  showed  stan¬ 
dard  802. 1  lg  networks  suffer  severe  perfor¬ 
mance  degradation  when  near  a  Super  G 
network. 802. 1  lg  has  1 1  channels, but  only 
three  are  non-overlapping,  which  means 
you  can  operate  three  wireless  networks  in 
the  same  area  without  interference, so  long 


as  they  are  set  to  channels  1,  6  and  11, 
respectively  To  achieve  higher  throughput, 
the  technique  “bonds”  together  Channel  6, 
half  of  Channel  1  and  half  of  Channel  11, 
degrading  nearby  networks’  performance. 

Last  week, Tolly’s  team  completed  a  new 
round  of  tests,  extending  the  range 
between  Super  G  and  standard  802. 1  lg 
networks  to  30, 50, 100  and  150  feet.  Tolly 
also  tested  an  Atheros  Super  G  network 
against  an  Atheros  standard  802.1  lg  net¬ 
work.  These  tests  address  claims  that  the 
first  tests  placed  the  networks  too  close 
together  and  that  testing  Super  G  against 
Broadcom  standard  802.1  lg  equipment 
created  a  bias. 

Although  the  results  won’t  appear  on 
Tolly’s  Web  site  until  April,  he  gave  Network 
World  a  sneak  peek.  In  testing  a  Netgear 
Super  G  network  against  a  Netgear  stan¬ 
dard  802.1  lg  network  positioned  30  feet 
apart,  the  mean  was  48.5M  bit/sec  for  the 
Super  G  network,  but  1 .4M  bit/sec  for  the 
standard  network  (see  graphic,  page  43). 

“The  new  results  don’t  show  anything 
that  contradicts  what  we  found  previously 
Tolly  says.“Even  at  30  and  50  feet  we  found 
significant  interference,  which  represents 
what  users  in  condos  and  apartments 
could  experience  through  walls,  ceilings 


and  floors.  Many  lots  aren’t  50  feet  wide, 
and  there  are  plenty  of  places  where  you 
don’t  have  50  feet  between  you  and  your 
neighbor’s  DSL  connections.” 

Tolly’s  tests  also  found  that  placing  two 
Super  G  networks  near  each  other 
degrades  performance  because  both 
must  use  Channel  6,  of  particular  signifi¬ 
cance  to  users  who  buy  a  second  to 
expand  the  network. 

Fast  and  friendly 

With  its  SpeedBooster  line,  Linksys  has 
incorporated  several  standards-based, 
speed-enhancing  techniques  such  as 
frame  bursting  that  are  taken  from  the  Wi-Fi 
Alliance’s  upcoming  802.1  le  standard  for 
quality  of  service.  SpeedBooster  products 
will  begin  shipping  next  month.  The 
Wireless-G  Router  with  SpeedBooster  will 
cost  $130;  PC  Card  adapter  and  PCI  card 
each  will  cost  $99. 

“Because  the  2.4-GHz  band  is  so 
crowded,  people  need  to  use  all  1 1  chan¬ 
nels  to  coexist  with  other  wireless  net¬ 
works.  And  the  fact  that  Super  G  tramples 
over  every  other  wireless  signal  we  found 
is  just  unacceptable,”  says  Mike  Wagner, 
director  of  marketing  at  Linksys. 

See  Linksys,  page  43 


IF  YOU’RE  LOOKING 
FOR  THE  TRUE  HEART  OF  YOUR  SERVER, 

YOU  MUST  LOOK  DEEPER  THAN  THE  CPU 

Hidden  inside  your  servers  are  chips  pumping  data  through  your  entire  network— quickly,  reliably  and  seamlessly.  Broadcom’s  ServerWorks™ 
System  I/O™  chipsets  provide  the  top  5  server  manufacturers  with  the  industry’s  most  advanced  technology  for  IA-32  systems1. 
Technologies  such  as  memory  mirroring  with  hot-plug  capabilities,  which  allow  on-the-fly  swapping  of  your  server’s  RAM,  reliably  keep 
your  data  flowing  and  your  business  operating.  In  fact,  our  server  chips  offer  twice  the  data  bandwidth  of  our  nearest  competitor,  and  are 
the  only  to  boast  integrated  dual-port  Gigabit  Ethernet.  With  Broadcom  in  your  servers,  you’re  prepared  for  the  ever-increasing  throughput 
requirements  of  next-generation  networks. 


I 


■ 


Read  how  to  utilize  Broadcom'*’  chips  as  the 
catalyst  that  drives  your  network  performance 
to  new  heights.  Download  our  white  paper, 
“Next-Generation  Server  Technology:  The  Key 
to  Speed,  Productivity  and  Reliability,”  now  at 
www.gobroadcom.com/servers 


o*  thi 


tiled 


www.nwfusion.com 

Net.Worker 

3/15/04 

NetworkWorid  £ 

Linksys 

continued  from  page  41 

SpeedBooster  is  based  on  a  new 
Broadcom  wireless  chip  technology  called 
Afterburner.  Afterburner  increases  WLAN 
efficiency  by  reducing  the  amount  of  over¬ 
head  transmitted  with  the  data  packets. 
802.11  was  developed  to  transmit  data  at 
1M  and  2M  bit/sec,  which  means  the  pro¬ 
tocol  spent  80%  of  the  time  transmitting 
data  and  20%  transmitting  overhead.  With 
the  higher  speeds  of  802.1  lg,  the  protocol 
spends  more  time  transmitting  overhead 
packets  than  data  packets:  That’s  why  54M 
bit/sec-rated  speed  translates  into  less  than 
half  that  in  actual  data  throughput. 

Afterburner  is  an  improvement  over 
Broadcom’s  earlier  speed-enhancing  chip 
Express,  announced  last  July  Afterburner 
increases  efficiency  even  further  by  short¬ 
ening  the  header  packets  by  50%  and  by 
concatenating,  or  chaining  and  transmit¬ 
ting  five  packets  together  for  each  header 
packet  sent  out. 

“What’s  important  for  end  users  is  that 
Afterburner  is  a  friendly  overlay  on  top  of 
802. llg,”  says  Jeff  Abramowitz,  senior 
director  of  WLAN  at  Broadcom.  He  adds 
that  its  PC  OEM  customers  —  Acer,  Apple, 


f  A 

WLAN  market  growth: 
2003 

SOHO/home  WLAN  equipment 
sales  grew  an  average  of  66% 
last  year,  compared  to  the  9% 
average  for  enterprise  WLAN. 

Position  Year-to- 
SOHO:  year  growth 


Linksys 

1 

82.5% 

D-Link 

2 

83% 

Netgear 

3 

92.4% 

Buffalo 

4 

32.2 

Enterprise: 

Cisco 

1 

35.6% 

Symbol 

2 

25.4% 

Proxim 

3 

-6.3% 

3Com 

4 

47.2% 

SOURCE:  SYNERGY  GROUP  RESEARCH 

Dell,  Fujitsu,  Gateway  and  HP  —  are  inter¬ 
ested  in  using  Afterburner, as  are  the  com¬ 
pany’s  broadband  modem  manufactur¬ 
ers  Efficient  and  Motorola.  Buffalo 
Technology  also  says  it  will  ship  products 


using  Afterburner  in  May. 

Smart  radios 

Although  Atheros,  D-Link  and  Netgear 
continue  to  defend  Super  G,  all  three  are 
working  to  find  ways  to  decrease  interfer¬ 
ence  that  channel  bonding  causes. 

D-Link  says  it  will  release  a  firmware 
update  to  its  Super  G  router  in  April  that 
will  let  the  radio  automatically  detect  the 
presence  of  another  802.1  lg  network  and 
prevent  channel  bonding. 

Netgear  says  it  is  working  with  Atheros  to 
develop  “adaptive  network  radio”  technol¬ 
ogy  which  will  let  a  wireless  router  check 
which  channels  other  wireless  networks 
are  using  and  avoid  them.  According  to 
Netgear’s  Vivek  Patela,  senior  director  of 
product  management/marketing,  a  client 
PC  using  adaptive  network  radio  can  wan¬ 
der  far  enough  from  the  access  point  that  it 
enters  the  range  of  a  neighboring  network, 
yet  maintain  its  connection.  In  other  words, 
the  technology  lets  the  router  communi¬ 
cate  only  with  its  clients,  avoiding  signals 
from  neighboring  networks.  Netgear  plans 
to  release  details  next  month,  but  it 
appears  the  company  will  release  a  new 
product  line,  rather  than  a  firmware  update 
existing  Super  G  products. 


Atheros,  which  created  the  technology  is 
in  a  quiet  period  since  going  public  Feb.  12. 
However,  Colin  Macnab,  the  company’s 
vice  president  of  marketing  and  business 
development,  says  the  FCC  calls  this  ap¬ 
proach  “cognitive  radio"  and  is  discussing 
whether  to  give  “spectral  advantages”  to 
companies  that  use  radio  spectrum  in  a 
more  intelligent  manner.  One  such  advan¬ 
tage  could  be  being  granted  an  increase  in 
the  amount  of  power  products  transmit. 
Today,  the  power  for  wireless  gear  is 
capped  at  1  watt,  but  most  operate  at  about 
100  milliwatts.  ■ 
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The  Tolly  Group's  new 
Super  G  test  results 


Distance 

apart 

Mean  throughput 

Standard 

Super  G  802.11g 

30  ft. 

48.5M  bit/sec  1.4M  bit/sec 

50  ft. 

30.9M  bit/sec 

5.9M  bit/sec 

75  ft. 

44M  bit/sec  15M  bit/sec 

100  ft. 

42M  bit/sec  14M  bit/sec 

150  ft. 

53M  bit/sec 

17M  bit/sec 
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■dgcK  Switches  let  you  do  more  with  less.  This  series  of  high-density  Layer 
s,  including  the  world’s  first  96-port  10/100  plus  4  Gigabit  uplink  switch,  delivers 
of  a  chassis-based  switch  in  a  form  factor  designed  for  environments  where  space 
id  reliability  is  key.  Featuring  hot-swappable,  redundant  power  supplies,  standards- 
nk  management,  a  common  user  interface,  and  the  time-proven  Iron  Ware' M  soft- 
hese  switches  provide  a  powerful,  easy-to-use,  and  reliable  edge  solution.  Power  over 
d  flexible  access  control  features  make  these  switches  the  ideal  solution  for  network 
;\  Give  your  network  a  competitive  edge — get  a  Fastlron  Edge  Switch.  Call 
BOLAN  (1  .SSS.SS7.2652)  or  visit  www.foundrvnetworks.com/fes. 


The  first  complete  enterprise  wiring  closet,  LAN  core,  and  data  center  solution. 

Foundry  Networks’  Fastlron  Layer  2/3  switches  let  you  deploy  a  single  architecture  .  .  _ 

JetC&reX 

enterprise-wide  that  yields  higher  performance,  better  ROI,  and  lower  Total  Cost  *s'c  — * 

of  Ownership,  I  ast  Irons  have  unparalleled  port  density:  up  to  672  10/100  ports,  232  Gigabit  Ethernet 
ports,  or  14  10-Gigabit  Ethernet  ports  in  a  single  modular  system.  Featuring  sFlow,  Fastlron  switches 
provide  wire-speed  network  monitoring.  Plus  the  Fastlrons  offer  superior  QoS  and  multicast  capabil¬ 
ities,  wire-speed  bandwidth  management,  and  IronShield  security.  Learn  more  about  Fastlron  today  at: 
1.888.TURBOLAN  (887-  2652)  or  www.foundrynetworks.com/fi. 
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Middleware  is  Everywhere 


MIDDLEWARE  IS  IBM  SOFTWARE.  Software  like  IBM 
Tivoli  Orchestration  and  WebSphere*  solutions.  Based  on 
your  business  priorities,  Tivoli  software  automatically  and 
intelligently  senses  and  responds  to  change.  Assets  are 
dynamically  reallocated.  And  resources  are  optimized.  All 
with  your  current  infrastructure.  All  without  breaking  the  bank, 
(©business  on  demand™ at  ibm.com/tivoli/middleware 


1.  Senses  increased  demand  for  raincoats 

2.  Responds  to  demand  automatically. 

3.  Senses  increased  Web  traffic. 

4.  Responds  to  traffic  automatically. 

5.  Senses  registers  ringing  constantly. 
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■  AN  INSIDE  LOOK  AT  THE 
TECHNOLOGIES  AND  STANDARDS 
SHAPING  YOUR  NETWORK 


Fibre  Channel  doubles  speeds  of  SANs 


HOW  IT  WORKS 


4G  bit/sec  Fibre  Channel 

Organizations  can  incrementally  migrate  to  4G  bit/sec 
Fibre  Channel  SANs  because  new  hardware  will  rate- 
negotiate  to  interoperate  with  existing  1G  and  2G 
bit/sec  systems. 
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Fibre  Channel 
switch  ASIC 
2G  bit/sec 

Transmitter 


New  disk  array  with  4G  bit/sec  fabric  connection 


Existing  2G  bit/sec  switch 
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O  Drive  controller  transmits  data  at  its  highest  rate,  4G  bit/sec. 

©  Switch  ASIC  cycles  its  receiver  through  its  valid  link  speeds,  in  this  case  1G  and  2G  bit/sec.  Link 
will  not  close  because  switch  is  not  capable  of  4G  bit/sec  operation. 

0  Drive  controller  reduces  transmission  rate  and  sends  data  at  2G  bit/sec. 

O  Switch  ASIC  continues  to  cycle  receiver  through  its  valid  speeds.  At  2G  bit/sec,  link  closes. 

©  Switch  ASIC  sends  acknowledgement  signal  to  drive  controller  indicating  that  link  has  closed. 
Link  runs  at  2G  bit/sec. 


■  BY  BOB  ZONA 

The  4G  bit/sec  Fibre  Channel  standard 
boosts  the  performance  of  storage-area 
networks  by  doubling  speed  while  main¬ 
taining  backward-compatibility  with  1G 
and  2G  bit/sec  systems.  In  addition,  4G 
bit/sec  storage  hardware  will  be  available 
later  this  year  at  a  cost  comparable  to 
todays  2G  bit/sec  products. 

A  task  group  at  the  Accredited  Standards 
Committee  developed  the  4G  bit/sec  Fibre 
Channel  link  specifications  for  backplane 
connection  between  disk  drives  and  drive 
controllers  in  storage  arrays.  ANSI  ap¬ 
proved  the  specification  in  2002  as  Fibre 
Channel-Physical  Interfaces  (FC-PI).  Last 
May,  the  Fibre  Channel  Industry  Assoc¬ 
iation  recommended  4G  bit/sec  Fibre 
Channel  for  switched  fabric  networks  that 
connect  these  storage  arrays  to  servers  in 
the  corporate  data  center. 

SANs  deployed  today  run  at  1G  and  2G 
bit/sec.  As  IT  managers  deal  with  an  ever- 
increasing  deluge  of  data  from  emerging 
bandwidth-intensive  graphics  and  video 
applications,  and  new  document  retention 
and  security  requirements,  they  will  need 
to  increase  Fibre  Channel  SAN  capacity 


Got  great  ideas: 


■  Network  World  is  looking  for  great 
ideas  for  future  Tech  Updates.  If  you 
want  to  contribute  a  primer  on  a  spe¬ 
cific  technology,  standard  or  protocol, 
contact  Amy  Schurr,  senior  managing 
editor,  features  (aschurr@nww.com). 


without  increasing  costs. 

This  can  be  accomplished  by  consolidat¬ 
ing  applications  and  data  on  a  limited 
number  of  more-powerful  servers  and 
higher-capacity  storage  arrays,  letting  sys¬ 
tems  do  more  work  without  increasing  the 
number  of  equipment  racks  that  must  be 
managed.  This  consolidation  creates  the 
need  to  move  to  higher  speeds. 

Using  Fibre  Channel  operating  at  4G 
bit/sec  to  connect  disk  drives  to  drive  con¬ 
trollers  allows  increased  speed  while  main¬ 
taining  compatibility  with  existing  gear.  It 
also  supports  loop  architectures  common 
in  1G  and  2G  bit/sec  systems. 

Fibre  Channel  4G  bit/sec  links  in  the  net¬ 
work  fabric  are  a  good  match  with  these 
new  4G  bit/sec  drive  interconnects, 
because  no  encoding  conversion  is  need¬ 
ed  between  the  backplane  and  fabric. 

At  the  server  side  of  the  network,  fabric 
host  bus  adapters  provide  an  interface 
between  the  servers  internal  data  bus  and 
the  SAN  fabric.  The  trend  in  server  bus 
architectures  is  toward  higher  I/O  band¬ 
width.  Buses  capable  of  4G  bit/sec  through¬ 
put  are  available,  and  greater  speeds  are  on 
the  horizon. 

To  prevent  bottlenecks  and  reduce  laten¬ 
cy  the  speed  of  the  SAN  switch  fabric  must 
match  disk  and  server  I/O  speeds.  As  more- 
powerful  servers  and  larger  disk  arrays 
move  to  connection  speeds  of  4G  bit/sec, 
4G  bit/sec  fabrics  will  be  necessary  to  han¬ 
dle  the  traffic  between  these  devices. 

Systems  based  on  4G  bit/sec  Fibre 
Channel  will  rate-adjust  when  connected 
to  1G  and  2G  bit/sec  systems,  letting  IT 
managers  make  incremental  network 
upgrades  while  using  1G  and  2G  bit/sec 
storage  hardware.  As  the  remaining  infra¬ 
structure  is  upgraded,  the  full  benefits  of  a 


4G  bit/sec  system  are  realized. 

Optical  transceivers  provide  the  interface 
between  Fibre  Channel  systems  and  the 
optical  fibers  of  the  SAN. They  represent  a 
significant  portion  of  the  total  cost  of  a 
SAN.  Development  of  4G  bit/sec  optical 
transceivers  will  not  require  a  change  in 
the  semiconductor  process  technologies 
used  to  manufacture  the  internal  compo¬ 
nents  for  2G  bit/sec  versions,  including 
lasers,  laser  drivers,  PIN  receiver  diodes, 
trans-impedance  amplifiers  and  post 
amplifiers.  Therefore,  once  manufacturing 
is  in  full  production,  4G  bit/sec  optical 
technology  will  be  available  at  a  price 


comparable  to  that  of  2G  bit/sec  Fibre 
Channel  hardware. 

Demand  for  higher  bandwidth,  compati¬ 
bility  with  installed  hardware  and  compa¬ 
rable  cost  will  lead  to  rapid  and  wide¬ 
spread  adoption  of  4G  bit/sec  Fibre 
Channel.  It  will  replace  2G  bit/sec  in  the 
same  way  2G  bit/sec  replaced  1G  bit/sec.By 
2006,  most  Fibre  Channel  hardware  will 
ship  with  4G  bit/sec  interfaces. 

Zona  is  marketing  director  of  the 
Enterprise  Optical  Modules  Optical  Plat¬ 
form  Division  of  Intel.  He  can  be  reached  at 
robert.zona@intel.  com. 


Dr.  Internet  By  Steve  Blass 

I  am  testing  in  a  lab  where  my  SmartBits  has  a 
public  address  while  my  two  routers  and  two  PCs 
are  on  a  private  address  on  two  subnets.  I  can  see 
how  the  virtual  LAN  across  my  two  routers  handle 
Differentiated-Service  code  points  and  how  the 
routers  will  apply  my  access  control  lists.  Can  I 
connect  the  SmartBits  directly  to  one  of  my  PCs  to 
generate  traffic?  I  have  two  ports  on  the 
SmartBits  -  can  I  then  connect  the  two  ports  to 
my  two  PCs  to  get  bidirectional  traffic? 


You  can  generate  bidirectional  traffic  across  the 
routers  to  test  the  VLAN  performance  by  hanging 
one  PC  off  each  router  to  be  the  destination  for 
SmartBits-generated  traffic  and  connecting  the 
two  SmartBits  ports  to  the  opposite  routers  and 
driving  traffic  both  ways  through  the  configura¬ 
tion.  You  can  connect  the  SmartBits  ports  directly 
to  a  PC  using  a  null-modem  (crossover)  Ethernet 
cable,  but  you  probably  want  to  connect  the 
SmartBits  to  the  routers  and  configure  the  virtual 


transmit  engines  to  send  traffic  to  the  PCs  across 
the  VLAN  routers.  To  push  traffic  through  the  PCs 
first  and  then  to  the  VLAN  you  will  need  to  enable 
packet  forwarding  on  the  PCs  and  be  extremely 
careful  with  the  route  table  entries  to  test  the 
intended  traffic  paths. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.  inter  net 
@changeatu>ork.  com. 
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Information  is  a  core  asset  of  virtually  every 
commercial  business  and  government  agency  in 
today's  networked  world.  Organizations  must  pro¬ 
tect  their  valuable  information  assets  from  loss, 
security  breaches,  and  planned  or  unplanned 
interruptions.  IT  organizations  are  challenged  to 
increase  service  levels  to  their  users  groups  amid  the 
reality  of  constrained  budgets.  IT  professionals  face 
two  related  issues:  first  how  to  rapidly  recover  critical 
information  assets  in  the  event  of  a  system  failure  or 
unexpected  outage;  and  second,  how  to  continually 
improve  levels  of  data  protection  without  additional 
administrative  overhead. 

Organizations  continue  to  accumulate  data  at 
very  high  rates  and  the  requirement  to  protect  larger 
data  sets  is  driving  vendors  to  develop  innovative 
solutions.  Snapshot,  replication,  and  point-in-time 
copy  enable  users  to  keep  production  storage  and 
applications  online  while  performing  backups, 
loading  data  warehouses,  and  even  mirroring  large 
data  sets  to  remote  locations.  The  ever-increasing 
pace  of  business  has  driven  the  widespread  adop¬ 
tion  of  such  technologies  in  the  enterprise.  Until 
recently,  however  midrange  storage  systems  offered 
administrators  fewer  choices.  Now,  small-to-medium 
enterprises  (SMEs)  and  even  small-to-medium  sized 
business  (SMB)  customers  can  take  advantage  of 
new  performance  and  functionality  in  midtier 
storage. 

This  article  will  explore  two  of  the  more  inno¬ 
vative  advances  that  provide  SMEs  and  SMBs 
more  rapid  data  recovery  and  cost  effective 
replication. 

The  Changing  Landscape  of  Data  Protection 

A  recent  ESG  Research  report,  The  Evolution  of 
Enterprise  Data  Protection,  underscores  the  need  for 
more  cost-effective,  yet  robust  data  protection  solu¬ 
tions  for  both  enterprise  and  mid-tier  businesses. 
49%  of  the  222  enterprise 
and  mid-tier  respondents  in 
the  study  stated  that  their 
recovery  processes  are  too 
slow.  While  time-tested  tape 
storage  remains  the  work¬ 
horse  of  backup  and  recov¬ 
ery  procedures,  users  are 
turning  to  new  disk-based  solutions  that  offer  better 
performance,  especially  for  recovery  purposes. 
While  83%  of  data  is  backed  up  to  tape  today,  two 
years  from  now,  53%  of  users'  data  will  be  backed 
up  to  disk  at  some  point  in  its  lifecycle.  Whether  to 
replace  a  Word  document  or  recovery  an  entire 
database  of  customer  contacts  after  a  system  failure, 
rapid  recovery  solutions  are  no  longer  solely  within 
the  domain  of  large  enterprises,  but  are  now  avail¬ 
able  to  medium  and  even  small  businesses.  Until 
recently  comprehensive  solutions  that  enable  faster 


data  recovery  have  been  the  purview  of  the  largest 
or  most  technically  astute  enterprises.  Now  SMEs 
and  SMBs  are  able  to  enjoy  many  of  the  same  data 
protection,  disaster  recovery,  and  replication  choices 
previously  available  only  to  enterprises.  Based  on 
our  research,  observation,  and  discussions  with  ven¬ 
dors  and  IT  professionals,  ESG  sees  a  spectrum  of 
data  protection/information  recovery  solutions 
emerging  to  enable  midrange  users  to  match  their 
data  protection  requirements  budgets  to  a  broader 
choice  of  cost-effective  solutions. 

Asynchronous  remote  replication  migrates  to 
the  midrange 

For  the  past  two  decades,  large  enterprises  have 
leveraged  features  such  as  remote  replication  and 
point-in-time  snapshot,  to  protect  them  from  data 
loss  and  system  failures. 

Snapshot  functionality 
along  with  asynchronous 
replication,  once  available 
in  only  the  enterprise-class 
storage  systems,  will  be 
available  very  soon  in 
some  midrange  storage 
arrays.  Snapshot  allows  a 
point-in-time  replicas  of  a  primary  storage  volume 
to  be  created  and  mounted  as  a  standard  disk  vol¬ 
ume.  Snapshot  is  an  effective  tool  when  used  to  cre¬ 
ate  replicas  of  production  volumes  to  conduct  back¬ 
ups  without  impacting  production  systems.  60%  of 
mid-tier  respondents  in  ESG's  study  use  snapshot 
technology  to  reduce  their  backup  windows. 
Existing  backup/recovery  software  can  backup  the 
replicated  volume  rather  than  the  source  volume, 
allowing  users  to  protect  their  valuable  data  while 
maintaining  productivity. 

Synchronous  replication  provides  enterprises  a 
comprehensive  means  to  protect  their  valuable 
data,  but  with  trade-offs  —  synchronous  replication 
remains  expensive  primarily  due  to  communication 

line  costs  and  is  limited  in 
distance.  Synchronous  repli¬ 
cation  virtually  eliminates 
the  risk  of  data  loss  however. 

Asynchronous  replica¬ 
tion  has  virtually  no 
distance  limitations  and 
allows  SMEs  and  SMBs  to 
design  affordable  data  protection  and  disaster 
recovery  solutions,  when  used  in  conjunction  with 
midrange  storage.  Asynchronous  replication  trans¬ 
mits  only  changed  blocks,  not  every  transaction  or 
entire  disk  volume,  significantly  reducing  the 
amount  of  data  transferred.  Asynchronous  replica¬ 
tion  puts  fewer  burdens  on  storage  systems 
and  gives  mid-size  businesses  the  opportunity  to 
protect  critical  applications  and  more  of  their  valu¬ 
able  data.  It  has  three  advantages:  first,  it  reduces 
costs,  second,  has  essentially  no  distance  limitations 


and  third,  has  much  less  performance  impact  than 
synchronous  replication. 

Disk  to  Disk  Backup  for  Rapid  Recovery  Now 
Affordable 

Mid-tier  arrays  using  ATA  disk  drives  are  driving 
down  the  cost  to  store  data  and  providing  more 
choices  to  SMB  and  SME  users.  While  ATA  drives  are 
still  slower  than  Fibre  Channel  drives  and  not  appro¬ 
priate  for  all  applications,  they  are  often  an  excellent 
target  for  disk  backup.  Some  vendors  now  offer 
separate  ATA  arrays  while  others  enable  ATA  drives 
to  coexist  alongside  Fibre  Channel  drives  enabling 
the  use  of  advanced  features  and  functions  across 
different  classes  of  storage.  As  a  complement  to 
Fibre  Channel  and  SCSI-based  enterprise  disk  arrays, 
ATA  systems  allow  businesses  to  store  more  of  their 

valuable  data  online. 
Administrators  can  imple¬ 
ment  a  disk-based  backup 
scenario  today  using  their 
existing  backup  software, 
right  alongside  their  cur¬ 
rent  tape  solution.  While 
recovery  from  disk  can  be 
much  faster  than  from 
tape,  ESG  Research  illustrates  that  recovery  from  disk 
can  be  more  successful  when  compared  to  recovery 
from  tape.  85%  of  users  reported  that  81-100%  of 
disk-based  recoveries  are  successful.  That  number 
dipped  to  70%  for  tape-based  recoveries.  With  a 
broader  set  of  data  protection  choices,  midrange 
businesses  can  now  explore  tiering  their  storage  sys¬ 
tem  assets  and  information  assets  as  is  the  trend  in 
the  enterprise.  Based  upon  business  requirements, 
the  relative  value  of  data,  and  recovery  time  or 
recovery  point  objectives  mid-tier  users  can  now 
deploy  the  most  appropriate  storage  solutions 
and  not  simply  compromise. 

Today's  real-time  business  environment  places 
unprecedented  pressure  on  large  and  small  organ¬ 
izations.  Migration  of  enterprise-class  functionality 
and  the  emergence  of  cost-saving  ATA  disks  mean 
that  SMBs  and  SMEs  have  the  same  recovery  and 
replication  choices  as  the  enterprise— and  they 
have  these  choices  with  the  robust  performance 
and  high  availability  they  expect  from  their 
storage.  Small-to-medium-sized  business  looking 
to  protect  their  growing  stores  of  valuable  informa¬ 
tion  should  consider  the  capabilities  now  available 
in  midrange  storage. 

For  more  information  on 
Network  Storage  Solutions  and  the 
Enterprise  Storage  Group,  go  to: 
www.enterprisestoragegroup.com 


49%  of  the  222  enterprise  and 
mid-tier  respondents  in  the  study 
stated  that  their  recovery  processes 
are  too  slow. 


Asynchronous  replication  has  three 
advantages:  first,  it  reduces  costs,  second, 
has  essentially  no  distance  limitations  and 
third,  has  much  less  performance  impact 
than  synchronous  replication. 
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The  value  of  your  Exchange  information  rises  and  falls  over  time. 
Now  there  is  a  way  to  manage  e-mail  informations  changing  value,  from  the 
time  it  s  created  until  the  moment  you  dispose  of  it  forever  —  information 
lifecycle  management.  Its  a  process  that  can  significantly  reduce  the  cost 
and  complexity  of  managing  your  ever-changing,  always  growing  e-mail  infor¬ 
mation.  All  the  while  ensuring  that  it  is  protected  and  available.  And 
EMC  is  the  only  company  that  has  the  technologies,  services,  and  solu¬ 
tions  to  bring  Exchange  information  lifecycle  management  to  life.  To 
learn  more,  visit  EMC.com/microsoftsolutions  or  call  (866)  464-7381. 


EMC?  EMC,  and  where  information  lives  are  registered  trademarks  of  EMC  Corporation,  c  2004  EMC  Corporation.  All  rights  reserved. 
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Last  week,  in  the  fourth  part  of  our 
exploration  of  Cascading  Style 
Sheets,  which  has  mysteriously  but 
logically  morphed  into  a  discussion  of 
dynamic  HTML  and  the  document  object 
model,  we  promised  a  more  complex 
example  of  the  image  rollover  technique. 
Here’s  the  code: 

<html> 

<head> 

<script  language  =“JavaScript”> 
button  1  image  =  new  ArrayO 
button! image [0]  =  new  ImageO 
button  1  image  [0]  .src  =  “b  1  over.jpg” 
buttonlimagefl]  =  new  ImageO 
button  1  image  [  1  ]  .src  =  “b  1  .jpg” 
</script> 

</head> 

<body> 

<a  href  =  “http://www.gibbs.com” 
onmouseover  =  “javascript:void 
(document.buttonl.src  =  button  1  image 
[0]  .src)” 

onmouseout  =  “javascript:void 


Cascading  Style  Sheets  (5)  rollovers! 


(document.buttonl.src  =  button  1  image 
[l].src)”> 

<img  src  =“bl.jpg”  name  = 
“button  1  ”  border  =  “0”> 

</a> 

</body> 

</html> 

In  this  example,  we  set  up  an  array  of 
image  objects  to  hold  the  various  button 
states.  Here  we  have  allocated  and  initial¬ 
ized  images  for  the  onMouseOver  and 
onMouseOut  states  but  we  could  also  add 
the  onMouseDown,  onMouseUp  and 
onClick  states  if  we  wanted  to  be  really 
flashy 

In  the  body  of  the  document  we  create 
a  button  using  an  image  in  a  link  and 
define  the  handlers  for  the  events. 
Because  the  code  is  so  simple  we’ve  put 
the  JavaScript  in  the  arguments  for  the 
events.The  alternative  would  have  been  to 
declare  functions  in  the  head  like  this: 
function  BtOverO  { 

document.buttonl.src  =  button  1 
image  [0]  .src; 

}  " 

function  BtOutO  { 

document.buttonl.src  =  buttonl 
image  [1]. src; 

}  " 

And  then  call  the  event  handlers  this 


way  in  the  body: 

<a  href  =  “http://www.gibbs.com” 

onMouseOver  =  “BtOverO” 
onMouseOut  = “BtOutO”  > 

<img  src  =“b  1  .jpg”  name  =  “but¬ 
ton  1”  border  =“0”> 

<J  a> 

Note  that  the  declaration  “javascript: 
void”  prevents  JavaScript  from  returning  a 
value.  This  is  actually  just  for  tidiness,  as 
you  only  need  to  be  mindful  of  unwanted 
return  values  with  JavaScript  in  tags  such 
as  hyperlinks,  where  a  returned  value 
would  have  a  side  effect.  For  example: 

<a  href  =  “javascript:window.open 
(‘http://www.gibbs.com/’)”>Just  some 
site.</a> 

Digging  deeper 

This  JavaScript  code  opens  a  new 
browser  window  that  then  loads  the 
specified  URL. The  side  effect  is  that  the 
code  in  the  first  window  also  returns  an 
object  whose  type  is  “window,”  actually  a 
pointer  to  the  new  window. This  object  is 
expected  to  be  an  object  of  the  type 
“undefined”  (which  is  not  acted  on)  or 
an  object  of  the  type  “string”  (to  be  inter¬ 
preted  as  a  URL  as  the  parameter  of  the 
“href”). 

In  the  example  above,  however,  there  is 


an  object,  and  as  it  is  not  an  expected 
object  type  the  window  simply  will  dis¬ 
play  the  obscure  message  “[object]”  — 
something  that  is  most  likely  not  what 
you’d  want.  So  using  the  following  code: 

<a  href  =  “javascript:void(window. 
open(‘http://www.gibbs.com/’))”>Just 
some  site.</a> 

.  .  .  would  leave  the  document  that 
launched  the  new  window  alone  by  not 
returning  anything  from  the  function.  But 
we  digress  . . . 

The  version  of  the  rollover  code  above  is 
more  generic  than  last  week’s  version,  but 
you  could  easily  improve  on  it.You  could, 
for  instance,  create  an  array  of  arrays  to 
store  all  the  button  images  for  a  page  and 
build  new  event  handlers  that  take  as  an 
argument  the  ID  of  the  button  they  are  to 
dynamically  modify  We  leave  this  as  an 
exercise  for  the  reader . . . 

Now  consider  the  following  code: 

The  color  of  danger  iso  href=”java 
scri  pt:  void  (document,  background- 
color=’red’)”>redk/a> 

What  will  this  code  do  in  the  presence 
of  a  CSS  being  applied  to  the  page  it  is  in? 

Find  out  next  week.  Had  enough  of  CSS 
yet?  Want  more ?  Tell  gearhead@gibbs 
.com. 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


Removable  memory  storage  for  ceil  phone 

SanDisk  recently  launched  its  SanDisk  T-Flash  card,  a 
tiny  memory  storage  card  that  will  be  aimed  at  giving 
mobile  phones  portable  storage  capabilities  for  digital 
media  such  as  photos,  videos,  MP3  music,  games, 
MultiMedia  Service  messages,  e-mail  and  voice  mail. 

San  Disk  says  the  card  is  similar  in  size  and  function  to 
embedded  flash  memory  cards,  but  with  the  added  benefit 
of  being  able  to  be  removed  and  upgraded. The  card’s  size 
(11mm  by  15mm  by  0.1mm),  is  about  one-quarter  that  of 
other  small  removable  flash  cards.  It  will  be  able  to  store 
subscriber  data  and  settings,  so  users  can  transport  these 
settings  from  one  phone  to  another  (similar  to  Subscriber 
Identity  Module  cards,  but  with  addi¬ 
tional  storage  capacity). 

The  card  also  can  be  in¬ 
serted  into  a  Secure  Digital 
card  slot,  giving  Secure  Dig-  4 
ital  devices  the  ability  to  | 
access  content  on  a  T-Flash 
card,  SanDisk  says. 

Motorola  announced  that  its 
E1000  and  A1000  3G-based  cell 
phones,  expected  later  this  year, 


The  tiny  SanDisk  T-Flash  card  can  be 
removed  from  cell  phones  and  upgraded 


will  use  a  32M-byte  T-Flash  card. SanDisk  says  volume  pro¬ 
duction  of  the  cards  will  begin  in  the  second  quarter  for 
OEM  customers,  priced  from  $14  to  $39  in  capacities  up 
to  128M  bytes.  Retail  rollouts  of  the  card  are  expected 
later  in  the  year  as  new  phones  with  the  T-Flash  capabili¬ 
ties  are  launched. 

Fujitsu  enhances  thin  notebook  line 

Fujitsu  Computer  Systems  recently  up¬ 
graded  its  LifeBook  S2000  notebook 
series  while  maintaining  the  same  price. 

The  notebooks  start  at  about  $1,200 
and  are  aimed  at  budget-minded 
mobile  workers  and 
students. 

They  now  incorpo¬ 
rate  the  mobile  AMD 
Athlon  XP-M  2100+  processor 
with  AMD’s  PowerNow  Tech¬ 
nology.  The  4.3-pound  unit 
includes  a  13.3-inch  XGA  TFT 
display,  and  a  modular  bay 
that  can  hold  an  optical  drive  (DVD/CD-RW  combina¬ 
tion),  an  extra  battery  or  a  “weight  saver”  that  lightens  the 
notebook  to  3.85  pounds. 

Other  features  include  up  to  1G  byte  of  mem¬ 
ory,  up  to  a  60G-byte  hard  drive,  Ethernet, 
modem  and  optional  integrated  802.1  lb/g 
wireless  LAN  connectivity,  two  USB  2.0 
ports,  an  IEEE  1394  port,  and  an  optional 
USB-based  floppy  disk  drive.  The  note¬ 
book  comes  with  Windows  XP  Home  or 
Professional  edition. 


Fujitsu  has  added  features  to  the 
LifeBook  notebook,  aimed  at  mobile 
workers,  without  raising  its  price. 


GigaFast  gets  into  802.1 1g  game 

GigaFast  Ethernet  has  jumped 
into  the  802.1  lg  wireless  LAN 
waters  with  the  WF717-APR,a 


54M  bit/sec  wireless  broadband  router.  The  device  costs 
$90  and  is  aimed  at  small  companies  and  home-based 
users,  the  company  says. 

The  WF717-APR  includes  a  built-in  firewall  and  64-  and 
128-bit  Wired  Equivalent  Privacy  encryption.  Configuration 
of  the  device  occurs  through  a  Web  browser. 
WAN  support  includes  static  IP  Domain  Host 
Configuration  Protocol,  Point-to-Fbint  Protocol 
over  Ethernet,  Point-to-Point  Tunnel  Protocol, 
asymmetric  DSL  or  L2-VPN.  More  information  is 
available  at  the  company’s  Web  site. 

Lexmark  launches  $700  color  laser  printer 

Lexmark’s  new  C510  color  laser  printer  will  be 
aimed  at  small  workgroups  in  large  companies 
and  small  and  midsize  businesses. 

The  C5 10,  which  is  priced  at  $700,  includes 
a  500-MHz  processor  and  64  M  bytes  of  memory 
letting  it  print  up  to  30  pages  per  minute  in  mono¬ 
chrome  and  eight  pages  per  minute  in  color. The 
printer  includes  2,400-dot-per-inch  resolution,  a 
780-sheet  paper  capacity, and  high-yield  cartridges 
that  allow  for  up  to  6,600  pages  of  color  or  10,000  pages  of 
monochrome  before  needing  to  be  changed. 

The  printer  also  includes  Lexmark’s  Color  Care  tech¬ 
nologies,  which  lets  IT  managers 
monitor  color  use  or  make  color 
printing  available  only  to  autho¬ 
rized  end. 

A  higher-end  model,  the  C510n 
($1,000),  has  128M  bytes  of  addi¬ 
tional  memory  and  an  internal 
Ethernet  card.  The  C510dtn  model 
adds  a  device  for  twosided  printing 
and  an  extra  530-sheet  paper  tray 


Lexmark's  C510  can  print  eight 
pages  per  minute  in  color. 


Shaw  can  be 
kshaw@nww.  com. 
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INSTANT  FILE  RECOVERY- 

FASTER  THAN  GOING  TO  BACKUP! 


Undelete  protects  deleted  files  and  allows  for  instant  recovery — and  it 
saves  so  much  labor  that  it  can  pay  for  itself  the  first  time  you  use  it. 


The  Windows®  recycle  bin  doesn't  capture  files  deleted  over  the  network — so  until  now, 
recovering  a  lost  file  from  your  Windows  servers  meant  a  time-consuming  restoration  from 
backup.  NEW  Undelete®  4.0  Server  Edition  captures  every  deleted  file,  and  allows  them  to  be 
instantly  recovered  with  just  a  few  clicks  of  the  mouse.  With  Undelete  Professional  Edition 
installed  on  your  workstation,  users  can  even  recover  their  own  files  from  server  Recovery  Bins. 

Get  Undelete  4.0  now,  and  put  the  worries  of  deleted  files  behind  you! 

Download  free  Undelete  trialware 
www.undelete.com/nwud41  •  800.829.6468  ext.  4268 
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software 

Focused  Development  of  System  Management  Toots 


©2004  Executive  Software  International.  All  Rights  Reserved.  UNDELETE,  EXECUTIVE  SOFTWARE  and  the  Executive  Software  logo  are  registered  trademarks  or 
trademarks  of  Executive  Software  International,  Inc.  in  the  United  States  and/or  other  countries.  Microsoft  and  Windows  are  registered  trademarks  or  trademarks  of  Microsoft 
Corporation  in  the  United  States  and/or  other  countries.  All  other  trademarks  and  brand  names  are  the  property  of  their  respective  owners. 
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John  Dix 


Adding  data 
center  capacity 
block  by  block 


If  you're  thinking  you  might  reclaim  some  space  in  the 
data  center  when  you  migrate  to  blades,  think  again. 
Blade  densities  are  so  great  they  typically  overpower 
data  center  cooling  capabilities. 

The  average  tile  in  a  perforated  raised  floor  can  provide 
enough  cooling  for  up  to  3  kilowatts  (kW)  per  equipment 
rack,  more  than  adequate  for  a  typical  rack  that  uses 
1.5kW  of  power  and  puts  out  1.5kW  of  heat  (about  5  to  6 
BTUs),says  Neil  Rasmussen, CTO  and  one  of  the  founders 
of  ARC,  a  company  best  known  for  its  uninterruptible 
power  supply  products. 

But  blade  racks  can  reach  more  than  10  times  the  dens¬ 
ity  of  traditional  systems,  so  cooling  a  15kW  blade  server 
rack  would  require  stealing  cooling  from  five  to  seven  sur¬ 
rounding  floor  tiles.That  results  in  what  some  corporate  IT 
folks  are  reportedly  calling  the  Stonehenge  look:  high-den- 
sity  racks  surrounded  by  empty  floor  space. 

That’s  one  factor  that  drove  APC  to  develop  InfraStruXure 
High  Density,  which  will  be  announced  next  month. 

This  system  builds  on  APC’s  existing  InfraStruXure  line  of 
modular  data  center  rack,  power  and  cooling  components 
by  bundling  everything  together  into  self-contained  cubes, 
complete  with  ceilings.“We  saw  an  opportunity  to  design 
data  centers  as  a  system,  to  get  away  from  the  need  to  buy 
a  headlight,  a  fender  and  the  other  parts,  and  then  bolt 
them  all  together’’  Rasmussen  says. 

A  10-foot-by- 10-foot  InfraStruXure  High  Density  cube  can 
support  up  to  40kW  worth  of  server, storage  and 
switch/router  gear. The  cubes  come  pre-wired  and  pre¬ 
configured,  meaning  you  can  go  with  the  basics  or  create 
high-availability  cubes  with  redundant  everything. 

While  each  cube  has  to  be  fed  electricity  and  a  means 
to  condition  air  —  either  an  external  condenser  or  a 
water  source  —  the  cubes  are  otherwise  self-contained 
and  can  be  dropped  in  anywhere.They  return  ambient 


opinions 
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Detecting  wireless  rogues 

Regarding  the  Face-off  on  whether  rogue  wireless 
LANs  can  be  eliminated  (www.nwfusion.com,  Doc- 
Finder:  1 123):  One  point  that  hasn’t  been  made  is  that 
even  non-wireless  sites  (at  least  those  that  care  about 
network  security)  ought  to  be  detecting  the  various 
rogue  connection  possibilities.  These  include  rogue 
connections  to  your  wired  network  as  a  bridge,  as  a 
network  address  translation  router,  as  a  normal  router 
and  accidental  association  of  a  user  machine  to  an 
unintended  wireless  network.  All  of  the  above  can 
happen  to  sites  that  don’t  intentionally  provide  wire¬ 
less  support.The  only  way  to  detect  these  conditions 
is  to  monitor  the  airwaves  throughout  your  site. 

Tony  Rail 
Senior  networker 
IBM 

San  Jose 

Hold  admins  accountable 

In  his  column  “Time  to  wise  up  about  worms”  (Doc- 
Finder:  1124),  Joel  Snyder  makes  several  observa¬ 
tions  about  how  we  need  to  train  users  not  to  open 
attachments  and  not  rely  on  virus  scanners  to  save 
us  from  these  viruses.  I  agree  with  his  suggestions 
and  would  like  to  add  one  more.  In  this  day  and  age 
of  e-mail-propagated  viruses  and  worms,  why  would 
any  e-mail  system  administrators  in  their  right  mind 
let  executable  attachments  be  e-mailed  into  their 
systems? 

I’m  running  a  virtually  antique  e-mail  and  virus 
product  (Exchange  5.5  and  Norton  Corporate 
Edition  for  Exchange  Version  7.5),  and  I  still  man¬ 
age  to  scan  every  e-mail  for  executable  attach¬ 
ments.  If  it  is  executable  (.exe,  .pif,  .bat,  .zip  and  oth¬ 
ers),  it  isn’t  getting  through  my  e-mail  system  to 
tempt  my  users  to  click  on  it.  I  put  this  into  effect 
after  the  AnnaK  virus  got  through  (before  the  virus 
definitions  were  updated)  and  haven’t  gotten  a 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix ,  editor  in 
chief,  Network  World,  1 18  Turnpike  Road,  Southborough,  MA  01 772. 
Please  include  phone  number  and  address  for  verification. 


virus  or  worm  since. 

But,  what  if  the  president  of  the  company  wants  to 
send  a  zipped  file  to  someone  on  AOL?  Easy  rename 
the  file.zip  to  file.zap  and  attach  a  message  to  re¬ 
name  it  back  on  the  other  end.  The  extra  step  re¬ 
quired  to  rename  a  file  seems  to  help  ensure  that  the 
file  is  from  a  reputable  source. 

Aaron  Peterson 
Havre  de  Grace,  Md. 

I  am  sympathetic  to  Joel  Snyders  position  about 
training  users  not  to  open  dubious  attachments,  but 
it’s  never  going  to  happen. The  malware  can  only  be 
stopped  at  the  choke  points  controlled  by  techni¬ 
cally  competent  people  —  the  ISP  servers  where  the 
malware  enters  the  network  and  the  routers  that 
pass  it  along.  It  is  at  these  points  that  the  malware 
should  be  identified  and  deleted. Servers,  routers 
and  their  communication  connections  cost  big 
bucks  and  have  knowledgeable  staff  to  run  them. 
The  ISP  that  lets  the  spammer  send  a  million  mes¬ 
sages,  lets  the  virus/worm/Trojan  horse  pass  from 
their  customer  to  the  network,  lets  the  port  scans 
through  the  router  and  so  on  —  these  are  the  irre¬ 
sponsible  people  who  deserve  our  ire. 

They  have  the  knowledge  and  the  opportunity  to 
make  a  difference  —  and  they  have  not  acted.  With 
power  comes  responsibility  —  and  the  responsible 
parties  are  not  the  millions  of  end  users.  The  wrong 
model  (protecting  ones  own  endpoint)  was  chosen 
when  the  malware  began  —  typically  because  peo¬ 
ple  saw  they  could  make  a  bigger  buck  selling  mil¬ 
lions  of  software  copies  (and  constant  updates)  in¬ 
stead  of  tens  or  hundreds  of  thousands.  A  more  effi¬ 
cient  model  must  be  adopted  before  the  entire  edi¬ 
fice  collapses  under  the  weight  of  greed  and  evil. 

Bruce  Bibee 
Los  Angeles 


■  Find  out  how  readers  would  eliminate 
spam.  See  more  letters  on  PAGE  54. 


temperature  air  so  they  can  be  added  to  data  centers 
without  stressing  existing  resources,  and  because  they 
contain  cooling  they  can  sit  on  the  floor,  meaning  you  can 
even  use  them  in  unused  office  space. 

What’s  more,  the  whole  system  is  modular  and  can  be 
brought  in  through  standard-width  doors  and  regular  ele- 
vators.“The  components  snap  together,”  Rasmussen  says. 

The  one  apparent  drawback  to  this  otherwise  well- 
conceived  system  is  that,  once  installed,  it  isn’t  easy  to 
reconfigure  a  cube.  Rasmussen  anticipates  that  customers 
will  buy  them  to  satisfy  specific  needs  and  add  more 
cubes  as  their  needs  evolve. 

A  cube  with  N+l  UPS  and  cooling  costs  about  $90,000, 
which  includes  installation. 


—  John  Dix 
Editor  in  chief 
jdix@mvw.com 
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THROUGH  CHANNELS 

Ken  Presti 


Wrangling  over  services  revenue 


s  profit  margins  on  IT  products  re¬ 
main  slender,  some  network  vendors 
l  are  attempting  to  shore  up  their  chan¬ 
nel  partners  by  suggesting  a  stronger  focus 
on  professional  services.  For  our  purposes 
here,  these  services  can  be  defined  as 
everything  you  buy  that  doesn’t  get  shrink- 
wrapped,  downloaded  or  packed  in  a  box. They  include  the  exper¬ 
tise  required  to  figure  out  the  exact  upgrade  you  need,  make  it 
work,  make  it  talk  to  your  legacy  systems  and  keep  it  working. 

Encouraging  channel  partners  to  focus  on  professional  services 
makes  sense;  after  all,  customizing  IT  offerings  to  clients’  needs  is 
what  they  do  for  a  living.  From  a  market  standpoint,  there  is  suffi- 

riont  rnt/nm ip  nntonti  o  1  to  ottro r*t  tho  wa  li  lo.aHHorl  racol  1  nrc  A/AP^ 


Reading  someone  else’s  copy  of  ifeTworkWoHd 

NetworkWorld 


ence  in  the  local  services  market  can  reduce  competition  as  a  result  of 
the  vendor’s  economies  of  scale.  Also  keep  in  mind  that  when  vendors 
offer  services,  they  are  far  less  product-agnostic  than  most  VARs’  and 
integrators’  offerings  tend  to  be. 

Some  of  the  best  options  let  partners  resell  specific  elements  of  over¬ 
all  vendor  service  offerings  in  order  to  give  the  channel  first  pick  of  the 
services  around  which  they  will  build  their  business.This  also  is  favor¬ 
able  to  end  users  because  the  channel  partner  isn’t  faced  with  an  all- 
or-nothing  proposition,  and  therefore  can  focus  resources  in  their  cho¬ 
sen  areas. 

Buyers  are  advised  to  ask  plenty  of  questions  when  purchasing 
a  service  contract.  If  something  goes  wrong,  who  will  come  to 
the  rescue?  What  are  their  qualifications?  What  is  the  size  of  their 

- *  ~  truck  roll  is  needed?  Can  they  address 

i  by  your  company?  What  commitments 
g  service-level  agreements  or  the  speed 


orward  questions  and  answers,  a  certain 
mes  into  play  here.  Most  people  who  have 
any  length  of  time  have  some  idea  who 
emergency.  While  nobody  ever  hopes  to 
)  good  networks,  such  an  event  often  can 
iscerning  sales-speak  from  genuine  cus- 
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r  of  IDC’s  Network  Channels  and  Alliances 
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mension  to  an  old  rivalry 


At  its  analyst  conference  last  month.  AT&T  said  it  will  converge  on 
one  IP  backbone  to  reduce  capital  and  operations  costs,  and  migrate 
toward  higher-layer  applications  services,  where  the  largest  amount  of 
future  revenue  will  be.  At  about  the  same  time,  MCI  announced  a 
sweeping  modernization  of  its  fiber  plant.  Jack  Wimmer, MCI’s  vice  pres¬ 
ident  of  network  architecture  and  advanced  technology  says  the  ultra- 
long-haul  fiber  changes  will  result  in  significant  operations  and  capital 
savings, letting  the  company  decommission  45%  of  its  regeneration  and 
optical  amplifier  locations  along  current  fiber  runs  and  eliminate  half 
its  total  fiber-network  elements  while  vastly  increasing  capacity 

Is  MCI  looking  for  optical  convergence  rather  than  IP  convergence? 
Wimmer  says  no.  MCI  operates  two  parallel  IP  backbones,  one  for  secure 
government  and  enterprise  traffic,  and  another  for  the  Internet.The  car¬ 
rier  doesn’t  see  much  benefit  in  converging  on  one  IP  core  at  this  point. 
Wimmer  says  the  next  logical  target  area  for  convergence  is  the  net¬ 
work’s  edge,  where  the  largest  number  of  devices  and  greatest  network 
capital  and  operations  cost  are  concentrated.  MCI  wouldn’t  comment 
on  its  next  step  in  modernization,  but  it  seems  clear  the  carrier  is  work¬ 
ing  from  the  edge  inward  and  perceives  AT&T  is  doing  the  opposite. 

In  the  application  networking  or  higher-layer  services  area,  MCI  and 
AT&T  seem  more  in  harmony  MCI’s  acquisition  of  Digex  was  motivated 
at  least  in  part  by  the  carriers  recognition  of  the  value  of  application 
hosting, and  MCI  is  currently  running  internal  trials  in  the  hot  new  area 
of  Web  services.  At  its  analyst  conference,  AT&T  discussed  how  it  is 


vices  into  Web  services, 
ntations  seemed  to  stress  the  carriers  value 
ect  between  broadband  voice  technologies 
’rotocol  and  the  public  switched  telephone 
)uld  tend  to  limit  SIP  to  voice  applications. 
J  on  VoIP  asks  for  regulatory  relief  for  calls 
PSTN  calls  but  carried  internally  on  IP  That 
isn’t  visible  to  users,  much  less  extensible  to 
short,  AT&T’s  voice  position  is  conservative. 

Wimmer  summarizes  MCl’s  view  in  what  might  be  the  most  profound 
statement  any  carrier  has  made  on  VoIP:“If  all  SIP  and  voice  over  IP  are 
about  is  a  new  way  to  do  long-distance  voice,  why  bother?”  MCI  is  excit¬ 
ed  about  SIP  as  an  architecture  for  collaboration  and  video. The  first  of 
all  the  major  carriers  to  offer  SIP  voice,  MCI  also  recently  integrated  its 
enterprise  VoIP  service  with  its  most  popular  VPN  service,  in  part  to  get 
the  greatest  possible  leverage  out  of  customer  access  costs  —  among 
the  highest  costs  MCI  and  AT&T  face.  Consistent  with  its  theme  of  edge 
convergence,  MCI  is  hoping  to  converge  the  customer  on  IP  That,  of 
course,  plays  to  MCI’s  strength  with  the  Internet. 

Listening  to  the  two  carriers,  it’s  hard  not  to  think  that  AT&T  is  talking 
about  cost  conservation  and  MCI  about  opportunity  generation.  In  fair¬ 
ness,  MCI  has  less  to  worry  about  regarding  cost.  About  to  emerge  from 
Chapter  1 1  cleansed  of  debt,  MCI  can  afford  to  think  about  developing 
demand.  AT&T  must  still  survive  the  next  two  years  until  it  reaches  the 
turnaround  point  it  talked  about  at  the  analyst  conference. 

That’s  the  point  where  opportunity  comes  in.  Can  AT&T  be  defensive 
for  two  years  and  win  over  a  competitor  that’s  been  on  the  offensive 
from  the  day  it  entered  the  market?  Military  strategists  say  you  can’t  win 
a  war  on  the  defensive.  I  wonder  if  AT&T  read  that.  I  bet  MCI  did. 

Nolle  is  president  of  CIM1  Corp.,  a  technology  assessment  firm  in 
Voorhees,  N.J.  He  can  be  reached  at  (856)  753-0004  or  tnolle@cimi 
corp.com. 
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Readers  speak 
out  on  spam 

Mark 
Gibbs’ 
Backspin 
columns 
“Fighting 
spam: 
Theory  and 
practice” 
(www.nwfu 
sion.com, 
DocFinder: 
1042),  “Fighting  spam:  My  theory” 
(DocFinder:  1043)  and  “Fighting 
spam:  My  theory  (Part  2)”  (Doc¬ 
Finder:  1044)  have  provoked  an 
avalanche  of  reader  responses.  Here’s 
a  sampling  of  your  ideas  on  how  to 
stop  spam. 


Opinions 


I  give  up 

About  two  weeks  ago,  I  threw  in  the  towel  on  run¬ 
ning  filters  on  my  mail  server.  I  signed  up  with  a 
paid  spam-filtering  service  called  SpamStops 
Here.com.  For  about  $50  per  month,  it  filters  and  for¬ 
ward  all  my  company’s  e-mail.  All  I  had  to  do  was 
make  some  DNS  changes.  In  the  last  two  weeks,  not 
counting  a  special  quarantine  account,  I’ve  had 
exactly  two  pieces  of  spam  make  it  to  my  in-box. 

In  effect,  my  company  now  is  paying  for  e-mail. 
However,  we’re  saving  money  because  my  co-work¬ 
ers  and  I  aren’t  spending  hours  each  week  touching 
up  filters  and  going  through  spam. 


Spam  is  unstoppable  simply  because  the 
sender  can  remain  anonymous.  I  propose 
to  eliminate  anonymity 

If  I  get  e-mail  and  the  sender  is  known  to 
me,  I  either  accept  or  reject  the  message. 
If  the  sender  is  unknown  to  me,  then  I 
reply  with  instructions  for  a  reply  back  to 
me.  Spammers  who  require  anonymity 
will  never  reply  back. 

These  graylisted  entries  eventually 
resolve  to  either  whitelist  (successful 
reply)  or  blacklist  (time  limit  expired).  If 
and  when  spammers  set  up  auto-reply 
servers,  they  are  no  longer  anonymous 
and  become  subject  to  whatever  political 
solution  the  world  has  devised. 
Additionally,  these  auto-reply  servers  will 
become  a  known  source  from  which  the 
message  is  automatically  blacklisted. 

The  problem  of  forging  headers  is  more 
problematic  but  not  insurmountable.  We 
extend  Simple  Mail  Transfer  Protocol  to 
verify  some  of  what  is  taken  for  granted  as 
truthful  and  further  reduce  anonymity 

Chris  Miller 
Staff  engineer 
InfoGreat 
Sacramento,  Calif. 

Gibbs:  This  is  essentially  what  l  am  sug¬ 
gesting  —  with  sender  authentication, 
forged  headers  are  not  an  issue. 


There  is  a  simple  and  rather  decentral¬ 
ized  approach  to  limiting  (not  eliminating) 
spam.All  U.S.-based  and  U.S.-registered  ISPs 
should  be  required  by  law  to  provide  both 
a  whitelist  and  a  blacklist  capability  to  each 
of  their  customers.  Failure  to  do  so  would 
get  the  ISP  shut  down. 

Each  ISP  would  then  have  the  option  of 
not  only  applying  Bayesian  processing  to 
mark  potential  spam,  but  also  merging  the 
blacklists  constructed  by  its  customers.  If 
more  than,  say,  80%  of  an  ISP’s  customers 
identify  a  particular  e-mail  address  as  a 


Gibbs:  ISP-side  filtering  is  an 
excellent  choice.  And  yon  get  your 
towel  back,  too. 


spam  source,  the  ISP  doesn’t  forward  email 
from  that  address. 

But  regardless  of  what  ISPs  might  other¬ 
wise  do,  with  a  whitelist  capability  cus¬ 
tomers  can  decide  to  include  only  the 
senders  (or  ISPs)  they  desire. 

James  Smith 
Greenhill.Ala. 

Gibbs:  “By  law”.  ..you  better  have  some 
serious  lobbyists  to  get  this  one  passed. 


Here’s  an  anti-spam  idea  that  I  bet 
would  eliminate  about  60%  to  80%  of 
spam  after  about  six  months.The  premise: 
Almost  all  spam  messages  attempt  to  get 
you  to  go  to  a  Web  site,  where  they  hope 
you’ll  buy  something,  whether  it’s  body- 
part  enhancement  junk,  a  mortgage,  pre¬ 
scription  meds  of  dubious  provenance,  or 
whatever. 

The  plan:  ISPs  and  hosting  companies 
agree  to  a  firm  policy  that,  upon  their 
receipt  of  five  verifiable  spam  complaints 
(verifiable  by  inclusion  of  the  spam  mes¬ 
sage  containing  a  link  to  the  Web  site), 
they  immediately  delete  the  Web  site 
from  their  server.  (Five  complaints  instead 
of  one, so  people  couldn’t  maliciously  get 
a  Web  site  cancelled  by  sending  a  fake 
complaint.) 

Then,  the  ISP  puts  the  credit  card  num¬ 
ber  to  which  the  Web  hosting  was  billed 
into  a  blacklist  database  and  never  lets 
someone  set  up  hosting  with  that  credit 
card  number  again. 

Participating  ISPs  could  query  one 
another’s  databases  when  a  credit  card 
number  is  submitted  for  setting  up  new 
hosting.  To  prevent  privacy  issues  regard- 


Bob  Hayes 
Systems  administrator 
Artbeats  Digital  Film  Library 
Myrtle  Greek,  Ore. 


ing  sharing  credit  card  numbers,  this 
would  be  set  up  so  that  the  actual  num¬ 
ber  is  never  accessed  from  the  queried 
database;  it  just  returns  a  “yes,  it’s  here”  or 
“no,  it  isn’t.” 

The  ISPs  also  could  blacklist  the 
domain  name  used  by  the  canceled  Web 
site,  forcing  the  spammers  to  get  a  new 
domain  name  each  time  they  want  to  set 
up  a  new  Web  site.  Any  ISP  that  declines 
to  participate  in  this  program  would  have 
its  mail  servers  black-holed  by  the  ISPs  in 
the  program. 

What  this  accomplishes  is  to  make  it 
more  difficult  for  a  spammer  to  stay  in 
operation  without  jumping  through  hoops 
such  as  using  a  different  credit  card  num¬ 
ber  each  time  it  sets  up  new  hosting  or 
going  offshore.  Lots  of  spammers  would  go 
to  offshore  hosting,  but  black-holing  the 
servers  of  known  spam  hosts  should  help 
deal  with  that  as  well. 

Why  it  will  never  happen:  It  would  take 
real  guts  on  the  part  of  the  ISPs,  and  they’d 
have  to  give  up  some  income  currently 
derived  from  hosting  spam-promoted 
Web  sites.  Which  is  too  bad,  because  it 
would  work. 

Take  away  the  profitability  of  spamming 
by  making  it  difficult  to  keep  up  a  spam- 
promoted  Web  site,  and  at  least  some  of  the 
spammers  would  give  up  and  maybe  get 
an  actual  job. 

Colin  Goff 
President 
Riley  communications 
Old  Saybrook.Conn. 

Gibbs :  The  problem  of  spam  lies  not  with 
those  people  who  have  accounts  at  ISPs  but 
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with  those  who  use  open  relays,  offshore  ser¬ 
vices  and  free  accounts.  And  trying  to  get  all 
ISPs  to  adhere  to  the  same  set  of  business 
rules  would  be  like  trying  to  herd  cats. 


Yes,  digital  certificates  are  the  answer  to 
most  of  the  problems  associated  with 
spam.  However,  even  with  digital  certs, 
there  are  still  a  few  issues: 

Legally,  how  do  you  go  about  stopping 
spammers  with  digital  certs?  Would  these 
be  “legitimate  spammers”? 

Operationally,  how  do  you  handle  the 
transition  from  SMTP  to  SMTP  with  digital 
certs? 

Developmentally,  do  you  realize  how 
many  programs  depend  on  SMTP  as  a 
communication  method?  There  are  prob¬ 
ably  hundreds  of  thousands  of  products 
that  would  need  to  be  updated,  indicating 
that  the  operational  transition  period 
could  take  many  years,  if  not  decades. 

Cost-wise,  all  this  work  will  take  money, 
and  are  customers  willing  to  foot  the  bill? 
The  answer  is  yes  as  spam  reaches  critical 
mass  and  affects  nearly  everyone  with  an 
e-mail  address  —  but  how  much  are  they 
willing  to  pay?  ISP  services  are  a  very 
competitive  market,  and  companies 
remain  under  tight  IT  budgets, so  ISPs  will 
need  a  marketing  strategy  that  lets  them 
increase  prices. 

Toby  Meehan 
Milwaukee 

Gibbs:  “ Legitimate  ” spammers  would  be 
visible,  identifiable  and  easily  blocked 
while  regular  spammers  would  simply  be 
rejected.  That's  the  point.  SMTP  with  digital 
certificates  would  be  much  like  good  ol’ 
PGP  And  SMTP  proxies  could  handle  the 
whole  certificate-signing  process  so  that 
any  application  that  uses  the  standard 
would  require  no  modifications.  That  was 
easy.  Next! 


It  seems  most  people  are  under  the  false 
belief  that  charging  for  e-mail  will  eliminate 
or  seriously  reduce  spam.  I  have  proof  that 
it  will  not. 

Yesterday  I  deleted  two  pieces  of  spam 
from  my  e-mail.  1  threw  away  nine  pieces  of 
spam  (junk  mail)  from  my  U.S.  Postal 
Service  box.  The  USPS  charges  money  It 
doesn’t  seem  to  help. 

Charging  might  eliminate  bogus  spam, 
but  it  will  only  legitimize  e-mail  as  a  form 
of  advertising  for  business.  Our  spam  will 
only  change  from  a  daily  dose  of  body- 
part  enlargement  offers  to  a  daily  dose  of 
4.9%  credit  card  offers,  which  the  CAN- 
SPAM  bill  allows. 

Michael  Miller 
Colorado  Springs,  Colo. 


Gibbs:  Right  on,  brother!  This  man  has 
heard  the  word! 
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THE  CASE  FOR  A:  All  about  performance 


steep  cost:  performance  degradation.  To 
handle  slower  clients,  802.1  lg  networks 
decrease  their  data  rates  when  an  802.1  lb 
client  is  present,  limiting  access  point 
throughput  to  the  1 1 M  bit/sec  of  802.1  lb. 

There  is  also  some  concern  that  802.1  lg 
won’t  be  as  backward-compatible  as 
promised. The  802.1  lg  standard  contains  a 
protection  mechanism  that  prevents 

802.1  lg  clients  from  receiving  preferential 
treatment  over  slower  802.1  lb  clients.  The 
mechanism  is  bulky  adding  overhead  to 
packets,  and  while  802.1  lg  uses  the  high¬ 
speed  OFDM  modulation  scheme,  it  must 
also  support  the  legacy  Complementary 
Code  Keying  of  802.11b,  which  further 
degrades  throughput. 

To  address  this  problem,  several  infra¬ 
structure  vendors  have  begun  offering  the 
Turbo  G  mode  in  their  802.1  lg  products.To 
do  this,  they  use  a  technique  called  chan¬ 
nel  bonding,  while  also  turning  off  the 
802.11b  protection  mechanism.  In  essence, 
Turbo  G  leaves  802.11b  clients  out  in  the 
cold,  while  having  the  unintended  effect  of 
generating  interference  that  can  affect  the 
performance  of  nearby  access  points. 

Judging  from  these  problems,  you 
might  assume  that  802.1  lg  doesn’t  stand 
a  chance  against  802.11a  in  the  long 
term.  “That’s  not  true,”  DeBeasi  says.  “If 
you  emphasize  coverage  over  perfor¬ 
mance  and  you  place  a  premium  on 
good  legacy  support,  then  802.1  lg  will 
serve  you  well.” 


Certain  environments  are  well  suited  to 

802.1  lg.  DeBeasi’s  company  has  been 
working  with  a  large  hotel.  Serving  a 
diverse  customer  base  is  the  hotel’s  great¬ 
est  need,  and  an  802. 1  lb/g  infrastructure 
will  cost-effectively  accept  the  broadest 
range  of  devices. 

“Keep  in  mind,”  DeBeasi  says,  “even 
though  from  an  infrastructure  standpoint 
you  typically  want  to  choose  between 
802.11a  and/or  802.1  lb/g,  clients  don’t 
have  that  problem.”With  multi-mode  capa¬ 
bilities  rapidly  becoming  the  norm  on  the 
client  side,  there  won’t  be  that  many,  if  any, 

802.1  la-only  devices  entering  most  net¬ 
works,  and,  thus,  802.1  lb/g  lets  you  serve 
the  broadest  possible  client  base. 

Other  scenarios  where  802.1  lg  makes 
sense  are  in  conference  rooms  or  corpo¬ 
rate  lobbies.  In  both  situations,  it’s  impossi¬ 
ble  to  know  which  clients  will  need  access. 
Low-bandwidth  applications  are  also  good 
candidates  for  802.1  lb/g,  such  as  retail 
point-of-sale  or  inventory  tracking. 

According  to  Jeff  Abramowitz,  senior 
director  of  marketing  for  Broadcom’s  wire¬ 
less  LAN  products, 802. 1  lg  is  driving  the  Wi¬ 
Fi  market.  “Infrastructure  is  now  being 
upgraded  to  802.1  lg, and  going  forward  the 
question  becomes  whether  the  capacity 
gains  of  802.1  la  justify  the  additional  cost.” 
Abramowitz  argues  that  network  profes¬ 
sionals  are  familiar  with  the  2.4-GHz  band, 
they  are  looking  to  lower-cost  products 
whenever  possible,  and  they  are  drawn  to 
the  backward-compatibility  of  802.1  lg.B 


case  for  802.1  la  is  pretty 
straightforward:  perfor¬ 
mance.  “Some  network 
managers  are  beginning  to  realize  that  as 
they  deploy  more  nodes  across  the  enter¬ 
prise,  they  will  run  into  capacity  con¬ 
straints,”  Abramowitz  says.  “However,  with 
802.1  la-based  products  being  more 
expensive  than  the  802.1  lb/g  products, 
due  to  lower  production  volumes,  enter¬ 
prises  must  decide  whether  the  perfor¬ 
mance  gains  justify  the  added  cost." 
Adding  to  the  cost  equation  is  802. 11  as 
lesser  range  —  only  about  180  feet.  The 
more  limited  coverage  area  means  that 
more  access  points  are  needed  to  cover  a 
given  space,  resulting  in  additional  costs. 

Based  on  OFDM  modulation,  802.11a 
delivers  a  raw  data  rate  of  54M  bit/sec 
and  operates  in  the  relatively  clean  5-GHz 
band. 

Significantly  more  channels  are  available 
in  802.11a  than  802.1  lb/g;  as  many  as  12. 
But  the  FCC  recently  opened  more  spec¬ 
trum  in  the  5-GHz  band,  so  the  number 
should  jump  to  more  than  20. 

The  FCC  also  “harmonized”  the  unli¬ 
censed  spectrum  in  the  U.S.with  that  used 
overseas.  In  other  words,  your  802.11a 
clients  could  soon  have  international  inter¬ 
operability 

“Today  the  number  of  802. 1  la  units  ship¬ 
ping  is  negligible,”  Collins  says.  “That  will 


change,  though,  as  more  large  enterprises 
begin  deploying  wireless  LANs.  What  will 
drive  the  shift  towards  802.11a  will  be  raw 
data  capacity  issues.’Today, enterprise  wire 
less  networks  are  so  new  that  network 
architects  aren’t  yet  encountering  capacity 
issues.  Thus,  the  driving  deployment  issue 
today  is  investment  protection,  and  in  that 
scenario  802.1  lg  wins  out. 

“That  will  change  as  the  enterprise  mar¬ 
ket  grows,”  Collins  says.  “We  think  2004 
will  be  the  year  of  WLAN  in  the  enter¬ 
prise.  The  enterprise  market  grew  24%  in 
[the  third  quarter  of]  2003,  and  that 
growth  will  continue  over  2004.  As  the 
enterprise  market  grows,  you’ll  see  more 
802.11a  devices,  but  most  of  these  will 
actually  be  multi-mode  units.The  health¬ 
care,  educational,  retail  and  warehousing 
sectors  will  continue  to  be  strong,  driving 
the  overall  enterprise  market.” 

DeBeasi  has  seen  a  demand  for  802.11a 
from  certain  market  segments.“We’re  work¬ 
ing  with  a  large  financial  company  that 
has  a  number  of  users  who  frequently 
download  spreadsheets  and  large  docu¬ 
ments.  In  this  case,  capacity  is  key  and  they 
are  best  served  by  802.1  la,”  he  says.“High- 
tech  and  healthcare  companies  are  also 
good  candidates  for  802.1  la.  If  you  need  to 
exchange  massive  files  or  databases  over 
your  network,  you  can  only  meet  those 
needs  with  an  802.1  la  design. ■ 


THE  CASE  FOR  JUMPING  ON  THE  MULTI-BAND  WAGON:  Flexibility,  future-proofing 


Hyou  don’t  want  to  be  locked  into 
one  standard,  multi-band  solutions 
can  alleviate  the  problem.  A  multi¬ 
band  network  supports  802.1  lb/g  simulta¬ 
neously.  Today  multi-band  capabilities 
come  at  a  premium.  While  this  could 
quickly  change  as  multi-band  chips  hit 
large  production  volumes,  the  reality  today 
is  that  they  could  add  as  much  as  20%  or 
30%  to  the  cost  of  your  initial  deployment. 

“At  the  moment,  there  is  a  price  premi¬ 
um  associated  with  multi-band  products,” 
says  Colin  Macnab.vice  president  of  mar¬ 
keting  at  Atheros  Communications.“But  if 
you  look  at  a  deployment  in  the  enter¬ 
prise,  the  issue  of  access-point  price  is  triv¬ 
ial.  The  biggest  cost  for  the  enterprise 
comes  if  they  ever  have  to  touch  those 
access  points  again.” 

What’s  more  is  the  fact  that  spectrum  is  a 
finite  resource.  Macnab  argues  that  even  if 
you  chose  an  802.1  la  infrastructure^  your 
network  gets  populated  802.1  lb’s  three 
channels  in  the  2.4-GHz  band  will  be  worth 
their  weight  in  gold. 

Even  if  most  users  migrate  upstream  to 
802.11a,  a  company  might  still  need  the 
channels  available  in  the  2.4-GHz  band.  In 
a  network  with  centralized  control  and 
quality  of  service,  clients  with  multi-band 
capabilities  could  be  segregated  by  task  or 


user  role.  For  instance,  a  user  needing  only 
e-mail  access  could  be  pushed  down  to  the 
slower  802.1  lb  channels. 

According  to  Scott  Lindsay  vice  president 
of  marketing  at  Engim,  smart  access  point 
software  is  emerging  that  has  the  intelli¬ 
gence  to  understand  what  the  client  base 
looks  like.Todayyou  have  two  choices  with 
single-mode  solutions:  overdeploy  or  leave 
someone  out,”  he  says.  “Intelligent  multi¬ 
band  solutions  eliminate  this  problem, 
adjusting  to  meet  the  needs  of  actual  users.” 

These  solutions  also  protect  the  network 
from  slow  clients.“Imagine  we’re  in  a  con¬ 
ference  room  with  a  number  of  other  peo¬ 
ple.  We’re  all  close  to  the  access  points,  so 
we’re  all  associating  at  the  maximum  data 
rate,”  Lindsay  says.  “What  happens,  though, 
when  some  guy  down  the  hall  associates 
with  that  same  access  point?  Due  to  dis¬ 
tance,  he’ll  only  associate  at  1M  or  2M  bit/ 
sec,  and  the  aggregate  capacity  of  that 
access  point  will  degrade  to  the  lowest 
common  denominator.  With  intelligent 
multi-band  functionality  the  access  point 
can  move  that  slow  user  onto  his  own 
channel.  Then,  not  only  can  you  meet  the 
needs  of  more  clients, serving  both  802.1  la 
and  802. 1  lb/g  clients  at  once,  but  you  pro¬ 
tect  your  bandwidth  as  well.” 

According  to  Engim  and  Atheros,  many 


multi-mode  chipsets  can  run  in  802.11a 
mode  or  802.1  lb/g  mode,  but  not  both  at 
the  same  time.  You  initially  can  set  up  the 
access  point  to  be  either  802.11a  or 

802.1  lb/g,  but  to  switch  from  one  to  anoth¬ 
er  the  access  points  must  be  reconfigured. 

Atheros  and  Engim  argue  that  true  multi¬ 
band  functionality  comes  from  the  ability 
to  simultaneously  handle  all  types  of  traffic 
at  the  same  time. 

Network  design  issues 

Then  there’s  the  matter  of  network  de¬ 
sign,  which  is  complicated  because 
802.11a  and  802.1  lb/g  networks  require 
different  designs.  Access  points  for  802.1  la 
can  be  placed  closer  together  than 

802.1  lb/g  access  points  without  interfer- 
ing.“For  most  customers,  what  a  multi-band 
infrastructure  gives  you  is  the  ability  to 
reconfigure  the  access  points  via  software 
whenever  your  needs  change,”  Legra’s 
DeBeasi  says.  “However,  if  you  want  to 
deploy  a  true  multi-band  network,  accept¬ 
ing  any  and  all  clients,  what  you  really  need 
to  do  is  start  with  an  802.11a  design  and 
then  add  an  802.1  lg  overlay  A  centralized 
device,  such  as  a  wireless  LAN  switch,  can 
then  provide  the  intelligence  to  load  bal¬ 
ance  clients  from  channel  to  channel  and 
access  point  to  access  point  to  achieve 


deterministic  performance.” 

This  is  a  subtlety  that  often  gets  lost  in  the 
multi-mode  discussion.  For  true  multi-band 
capabilities, you  must  design  two  networks. 
Certain  access  points  will  overlap  —  the 
only  truly  multi-band  access  points  in  the 
network  —  while  the  jest  of  the  network 
will  essentially  function  in  an  either/or,  sin¬ 
gle-band  mode. 

So,  basically  you  have  three  basic  choices: 

•  802.1  lb/g  design, which  provides  broad 
device  and  network  interface  card  cover¬ 
age,  while  currently  being  the  most  cost- 
effective  option. 

•  If  you  want  a  high-performance  WLAN, 
802.11a  offers  the  best  possible  network 
capacity 

•  The  most-expensive  option  is  an 

802.1  la/b/g  multi-band  design  that  sup¬ 
ports  all  available  clients  and  provides  high 
performance.  Capital  costs  are  higher  for  a 
multi-band  network,  but  it  could  bring 
down  operational  costs  over  the  long  haul 
by  saving  you  the  trouble  of  upgrading 
down  the  road. 

Vance  is  a  freelance  technology  writer  and 
consultant  who  focuses  on  trends  in  wire¬ 
less,  next-generation  networking  and  Internet 
infrastructure.  He  can  be  reached  at 
jwoance@zoomintemet.  net. 


Get  information  in  25%  more  places  on  the  Sprint  high-speed  wireless  data  network. 


Your  employees  can  get  email  and  corporate  data  in  more 
places  nationwide  with  Sprint  than  with  AT&T  Wireless. 

The  Sprint  high-speed  wireless  data  network  covers  a  larger  area 
and  more  people  than  the  AT&T  Wireless  GPRS/EDGE  network. 
So  your  employees  can  be  more  productive  in  more  places. 

•  25%  larger  coverage  area 

•  25  million  more  people  covered 

All  this  and,  of  course,  clear  calls  on 
the  nations  most  complete,  all-digital 
wireless  network  to  make  your 
business  more  effective. 

Get  the  facts  at  sprint.com/facts  or  call 
877-459-8144  for  a  Business  Representative. 
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New  wireless  technologies  extend  connectivity  near  and  far. 


B  BY  NANCY  GOHRING 

WiMax  and  ZigBee.  No,  they’re  not  filling  in  for 
Siegfried  and  Roy  on  the  Vegas  strip  or  replacing  Regis 
and  Kelly  on  television. They’re  two  new  wireless  tech¬ 
nologies  that  belong  on  your  radar  screen. 

First  off,  lets  get  the  definitions  straight.  WiMax,  which  stands  for  Worldwide 
Interoperability  for  Microwave  Access,  is  a  WAN  technology  that  can  beam  broadband 
signals  up  to  30  miles  from  a  cell  tower. 

The  802.16  standard,  which  the  WiMax  Forum  industry  group  is  pushing,  is  designed 
to  operate  in  unlicensed  or  licensed  frequencies  from  2  GHz  to  66  GHz.  It’s  being  tout¬ 
ed  initially  as  a  last-mile  alternative  to  DSL  and  cable  modem.  Ultimately  WiMax  pro¬ 
ponents  see  it  as  the  basis  for  ubiquitous,  continuous  mobile  wireless  connectivity 

Picture  mobile  workers  with  dual  WiMax/Wi-Fi  cards  on  their  laptops. They  connect 
via  WiMax  while  moving  and  switch  to  Wi-Fi  at  a  hot  spot  or  inside  a  Wi-Fi-enabled 
building.  While  WiMax  is  designed  for  long-range,  high  data-rate  communications, 
ZigBee  is  at  the  other  end  of  the  scale,  offering  low  data  rates  at  short  distances. 

The  ZigBee  Alliance  is  the  driving  force  behind  the  802.15.4  technology,  which  oper¬ 
ates  in  unlicensed  spectrum,  including  the  crowded  2.4-GHz  band.  It  can  transfer  a 
mere  250K  bit/sec  of  data  within  a  range  of  30  to  200  feet. 

The  big  plus  for  ZigBee  is  that  it  requires  minimal  power,  which  means  a  ZigBee-based 
device  could  run  for  as  long  as  five  years  on  a  single  battery  The  Alliance  sees  ZigBee 
playing  a  role  in  mesh  wireless  LANs,  wireless  desktop  peripherals  and  industrial  sens¬ 
ing  devices  that  can  be  monitored  wirelessly  across  a  network. 


MMDS  operators  spent  as  much  as  $3,000  per  customer  setting  up  external  antennas 
on  customer  homes  or  offices,  says  Lindsay  Schroth.an  analyst  with  The  Yankee  Group. 
“It  was  so  difficult  to  get  a  return  [on  investment]  so  we  saw  them  pull  out  of  the  mar¬ 
ket,”  she  says. 

The  next  version,  802.1 6d,  eliminates  the  need  for  an  outdoor  antenna  and  will  let 
vendors  build  PC  Cards  to  the  standard  so  customers  can  access  service  anywhere 
there’s  coverage, says  Mohammad  Shakouri,vice  president  of  business  development  for 
Alvarion  and  a  WiMax  Forum  board  member. 

The  WiMax  Forum  expects  to  start  certifying  802. 16d  products  in  the  second  half  of 
this  year, and  live  networks  might  become  available  at  the  end  of  next  year, Sch rot h  says. 

Not  until  802. 16e,  however,  will  the  standard  support  handoffs  between  base  stations, 
making  it  truly  mobile.  While  the  WiMax  Forum  has  more  ambitious  goals  for  the  stan¬ 
dard’s  completion  date.Schroth  doesn’t  expect  certified  products  to  hit  the  market  until 
2006  or  2007. 

Once  the  802. 16e  standard  is  complete,  the  lettering  system  will  disappear  and  all 
gear  will  be  known  just  as  802.16,Shakouri  says. 

Intel  says  it  hopes  to  see  laptops  with  Wi-Fi  and  WiMax  built  in  so  mobile  workers  can 
use  WiMax  most  of  the  time  but  switch  to  local-area  Wi-Fi  networks  where  available  be¬ 
cause  they  might  offer  higher  capacity 

The  802.16  standard  effort  has  significant  momentum  behind  it,  partly  because  of  the 
WiMax  Forum  and  Intel’s  interest  in  the  standard,  but  it  still  faces  challenges.  Even 
though  AT&T  and  Covad  Communications  recently  joined  the  WiMax  Forum,  no  oper¬ 
ator  officially  has  signed  up  to  build  a  network  using  the  technology 

In  addition,  a  somewhat  parallel  effort  is  underway  in  the  IEEE,  the  802.20  standard, 
which  is  creating  some  confusion  in  the  market.  Mobile  Broadband  Wireless  Access,  or 
802.20,  is  designed  to  provide  broadband  data  in  a  mobile  environment.  The  tech- 

See  Wi  Wi  World,  page  62 


Standards  battles 

The  802.16  standard  aims  to  initially  compete  with  DSL  and  cable 
modem  service.lt  is  expected  to  solve  some  problems  that  faced  the  mul¬ 
tipoint  multichannel  distribution  system  (MMDS)  license  holders  who 
tried  to  build  a  market  in  the  mid-1990s,  and  current  small  operators 
using  802.1 1  to  bridge  the  last  mile. 

From  a  single  base  station,  an  antenna  can  transmit  as  much  as  75M 
bit/sec  of  bandwidth  for  2  or  3  miles.Throughput  declines  as  the  distance 
increases,  but  proponents  say  a  WiMax  signal  can  extend  as  far  as  30 
miles,  depending  on  how  wide  a  spectrum  band  is  used. 

“The  demand  for  broadband  is  ever  marching  onward,” says  Carlton 
O’Neal,  vice  president  of  marketing  for  Alvarion,  a  developer  of  point- 
to-multipoint  wireless  systems.“At  the  same  time,  the  big  carriers  say 
they  can  do  DSL  and  cable  to  X  percent  of  their  users  but  they  can’t 
do  it  to  all.”  With  802.16,  those  operators  and  others  could  use 
licensed  or  unlicensed  bands  to  reach  customers  they  can’t  serve 
with  the  other  technologies. 

Industry  observers  have  high  hopes  for  802.16.A  recent  study  from  ABI 
Research  reports  that  broadband  wireless  equipment  sales  should  sur¬ 
pass  $1.5  billion  by  2008,  mostly  because  of  WiMax. 

As  with  any  attempt  to  create  a  standard,  there  are  hurdles  that  need  to 

be  overcome. 

The  802.16  effort  is  a  confusing  alphabet  soup,  but  proponents  hope  to 
converge  various  subsets  under  one  all-encompassing  WiMax  label. 

For  example,  802. 16a  added  the  2-GHz  to  1 1-GHz  bands  to  the  original 
802.16  proposal,  which  spanned  frequencies  from  10  GHz  to  66  GHz.The 
802.16a  standard  was  ratified  in  January  2003,  but  it  doesn’t  solve  one  of 
the  main  problems  —  expensive  customer  installation  —  that  caused  the 
MMDS  market  to  fizzle  in  the  mid-1990s. 


Wi  to  the  Max 


WiMax  can  be  used  to  deliver  broadband 
to  businesses,  residences  and,  ultimately, 
mobile  workers. 


O  Currently  WiMax,  or  802.16a,  can 
deliver  up  to  75M  bit/sec  from  a  cell 
tower  to  an  outdoor  antenna  up  to  30 
miles  away. 
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When  802.16d  technology 
is  embedded  in  PCMCIA 
cards,  customers  will  be 
able  to  access  WiMax 
directly  from  their 
laptops. 
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Introducing  a  new  era  of  secure,  corporate  business  freedom 
and  flexibility  —  Nokia  Mobile  Connectivity  solutions. 


Employees  throughout  an  enterprise  want  to  be 
more  mobile  and  productive  —  and  this  can  be 
realized  thanks  to  Nokia  Mobile  Connectivity  solutions. 
CIOs  and  IT  managers  can  provide  the  mobility  and 
security  of  anytime,  anywhere  access  to  users  — 
while  empowering  everyone  from  the  CEO  to  field 
salesforce  teams  with  the  information  needed  to  do 
their  work  where  and  when  they  choose.  Nokia 
Mobile  Connectivity  solutions  include  a  range  of  IPSec- 
and  SSL-based  client  and  gateway  products  that 


provide  secure,  appropriate  access  to  corporate 
email  and  applications.  Enterprises  will  discover  new 
levels  of  efficiency  from  their  workforce,  while 
giving  them  greater  freedom  to  manage  their  business 
and  personal  lives.  All  solutions  are  easy  to  deploy 
and  manage,  are  based  on  award-winning  technology 
and  are  backed  by  Global  Support  and  Services. 

So  if  you  want  greater  working  freedom  that’s  IT 
approved,  go  ahead  and  escape. 
Visitwww.nokia.com/mobileaccess/americas 
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nology  will  operate  in  the  under-3.5-GHz 
spectrum  bands  and  is  supposed  to 
deliver  service  at  up  to  155  miles  per 
hour.  One  could  envision  802.20  being 
used  to  provide  broadband  access  to 
mobile  users  in  trains,  for  example. 

“  [802.1 6] e  and  [802.] 20  were  born  at 
sort  of  the  same  time  in  an  acrimonious 
process,"  says  Marc  Goldburg,  CTO  of 
ArrayComm,  one  of  the  founders  of  the 
802.20  movement,  along  with  Flarion 
and  others. 

The  802.16  proponents  point  out  how 
far  ahead  of  the  development  curve 
they  are  than  802.20,  which  is  far  from 
being  finalized  as  a  standard. 

The  802.16  developers  might  have  a 
leg  up  in  that  they’ve  already  built  the 
basis  for  802. 16e,  but  that  can  also  be  a 
hindrance.  “[802. 16]e  is  meant  to  add 
mobility  to  the  standard  but  with  back- 
wards-compatibility’ Goldburg  says. 

From  laptops  to  light  bulbs 

There  are  a  variety  of  possible  uses 
for  ZigBee  technology.  An  802.15.4  net¬ 
work  can  be  arranged  in  a  number  of 
ways,  but  one  option  is  a  wireless 
mesh,  with  gateways  scattered  where 
necessary.  “In  mesh,  control  is  decen¬ 
tralized  so  there’s  no  single  point  that 
all  information  has  to  flow  through,” 
says  Robert  Poor,  CTO  for  Ember,  a  chip 
and  network  software  maker.  “There¬ 
fore,  gateways  can  be  plunked  down 
anywhere  opportunistically" 

One  of  the  simplest  applications  that 
will  employ  802.15.4  is  lighting  control. 
Instead  of  stringing  wire  behind  walls  to 


connect  a  switch  to  a  light,  an  802.15.4 
radio  in  a  battery-powered  light  switch 
could  communicate  with  a  radio  on  a 
light  bulb  in  a  fixture.  A  division  of 
Philips  Electronics  is  building  802.15.4 
chips  into  certain  types  of  lights. 

The  efficient  power  consumption  of 
the  technology  means  that  switches, 
with  their  limited  battery  power,  can 
sleep  most  of  the  time.They  only  turn  on 
when  switched,  which  wakes  up  the 
radio  long  enough  for  it  to  communi¬ 
cate  with  the  nearest  lamp.  The  lamp  is 
plugged  into  a  power  source  so  the 
radio  on  the  light  bulb  could  be  always 


on,  listening  for  activity  If  the  closest 
lamp  to  detect  communication  from  the 
switch  isn’t  the  lamp  the  switch  aims  to 
turn  on,  it  still  works.  “That’s  relayed 
through  the  network  to  the  lamp  that 
needs  to  go  on,”  Poor  says. 

Developers  argue  that  building  man¬ 
agers  can  use  the  technology  to  signifi¬ 
cantly  cut  down  on  energy  costs.  In  an 
office,  instead  of  hard-wiring  one  light 
switch  to  a  dozen  lights  that  might 
shine  over  a  dozen  cubicles,  the  lights 
over  each  cube  could  be  wirelessly 
attached  to  a  light  switch  that  each 
worker  can  control  in  each  cube.“Right 
now  it’s  a  nightmare  to  cable  each 
switch  into  a  cube,”  says  Bhupender 
Virk,  president  and  CEO  of  CompXs,  a 
developer  of  system-level  802.15.4  and 
ultrawideband  products. 

Building  managers  also  could  link 
certain  lights  to  light  sensors  so  they 
automatically  turn  off  or  dim  when  the 
sun  is  bright.  They  can  control  heating 
and  air  conditioning  units,  linking  them 
all  to  the  Internet  via  connected  gate¬ 
ways  so  that  the  devices  can  be  con¬ 
trolled  remotely 

Industrial  businesses  could  use 
802.15.4  to  monitor  all  sorts  of  equip¬ 
ment,  including  meters. 

Bluetooth  couldn’t  be  used  for  these 
applications  because  it  doesn’t  have  effi¬ 
cient  power  consumption  and  each 
Bluetooth  radio  can  talk  to  just  seven 
other  radios, Virk  says. 

But  802.15.4  might  have  its  own  set  of 
political  troubles  slowing  it  down. Some 
of  the  architects  of  the  standard  created 
the  ZigBee  Alliance  to  narrow  the  spec¬ 
ification  so  vendors  could  build  inter¬ 
operable  products.  But  makers  of  cer¬ 
tain  applications  might  prefer  not 
to  be  interoperable  with  other 
products.“Some  manufacturers  in 
industrial  process  control  might 
not  want  some  other  company 
reading  their  monitoring  system,” 
says  Bob  Heile,  chairman  of  the 
ZigBee  Alliance. 

As  a  result,  802.15.4  is  built  so 
that  data  from  a  proprietary  sys¬ 
tem  can  be  passed  along  a  stan¬ 
dard  ZigBee  lighting  system,  for 
example,  to  build  the  most  effi¬ 
cient  network.  The  ZigBee 
Alliance  has  set  up  a  program  to  let 
independent  manufacturers  conduct  a 
performance  test. 

It’s  not  clear  how  many  manufacturers 
are  interested  in  using  the  standard 
approach. “As  a  good  citizen  we’re  work¬ 
ing  to  grow  this  entire  ecosystem  the 
best  we  can,  but  frankly  the  jury  is  still 
out  on  which  customers  will  insist  on 
ZigBee  and  which  may  prefer  maybe  a 
lighter  weight  or  more  custom  profile," 
Boor  says. 

Gohring  is  a  freelance  writer  She  can  be 
reached  at  nangohring@yahoo.com. 
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CARLTON  O’NEAL, 
president  of  marketing,  A Ivarion 


EDITOR’S  NOTE:  The  Network  World  Wireless  Wizards  are  seen 
exclusively  online  at  www.nwfusion.com,  providing  answers  to  read¬ 
ers’  wireless  LAN  questions.  Here’s  some  advice  from  the  swamis: 


We’re  debating  internally 

whether  to  use  an  IPSec  VPN  or  802.1x  to 
secure  our  wireless  LAN.  What  are  the  advan¬ 
tages  and  disadvantages  of  these  methods?  — 

Bill,  Miami 

Vaduvur  Bharghavan,  Meru  Networks:  Using  802. lx 
provides  Layer 2  authentication  and  security,  which  pre¬ 
vents  Layer  2  packets  from  entering  the  LAN.  This  cre¬ 
ates  a  distributed  security  architecture  with  the  encryption  occurring  between  wire¬ 
less  clients.  The  access  point  secures  the  wireless  link,  but  not  the  LAN  link.  This  makes 
it  more  challenging  to  deploy  a  firewall  between  a  LAN  and  a  WLAN,  unless  you  have 
a  centralized  WLAN  switch  to  aggregate  traffic.  A  benefit  of  802. lx  is  that  authentica¬ 
tion  is  done  sooner;  thus,  Layer  2  packets  from  unauthorized  clients  are  discarded 
before  entering  the  LAN. 

IPSec  provides  Layer  3  authentication  and  security,  preventing  Layer  3  packets  from 
entering  the  LAN  beyond  the  VPN  server.  Using  VPN  for  securing  the  WLAN  enables  a 
centralized  security  architecture,  with  encryption  occurring  between  the  wireless 
clients  and  the  VPN  server.  This  centralized  approach  lets  you  secure  not  just  the  air 
but  also  the  LAN  segment  between  the  access  points  and  the  VPN  server.  It  also  sim¬ 
plifies  deployment  of  a  firewall  for  WLAN  traffic. 

The  downside  of  VPN  security  is  the  administration  of  clients.  A  VPN  system  needs 
to  be  carefully  architected  to  not  only  support  potentially  thousands  of  VPN  connec¬ 
tions  but  also  to  administer  potentially  thousands  of  VPN  clients.  This  approach  needs 
to  be  thought  of  as  a  full-blown  network  upgrade  and  not  just  an  adjunct  to  the  existing 
network. 

After  two  years  of  advancements  in  wireless  security  standards  efforts,  WLAN  secu¬ 
rity  has  improved  dramatically.  Most  of  the  arguments  against  802. lx  are  based  on  per¬ 
ceptions  from  dated  WLAN  security  information.  In  reality,  the  authentication  and 
encryption  methodology  is  nearly  a  wash  between  the  two  methods.  So  whichever  one 
will  make  your  security  group  most  comfortable  is  the  one  to  choose. 


I  noticed  the  other  day  that  my  client  card 

channel  setting  is  set  to  Channel  3,  while  the  router  is  set  to  Channel  6. 
Aren’t  the  two  channels  supposed  to  be  the  same?  Would  changing  one  to 
a  different  channel  number  do  anything  positive  in  regard  to  connection 
strength  or  speed?  —  John,  Chicago 

Keerti  Melkote,  Aruba  Wireless  Networks:  Yes.  The  client  and  the  router/access  point 
should  be  set  to  the  same  channel.  There  is  usually  not  a  choice  of  channel  settings  on 
the  clients,  because  they  will  look  for  the  best  access  point  on  all  the  available  chan¬ 
nels  and  try  to  connect  to  it.  But  if  your  client  is  set  to  Channel  3,  you  would  be  wise  to 
set  it  to  6  in  this  case.  The  specific  choice  of  channel  depends  on  how  much  interfer¬ 
ence  you  see  on  different  channels.  If  you  find  there  are  other  access  points  in  your 
neighborhood  (an  increasingly  common  problem),  you  would  be  wise  to  choose  a  chan¬ 
nel  that  is  relatively  free.  Be  careful  to  set  the  channel  to  1,  6  or  11  if  you  are  in  the  2.4- 
GHz  band  because  these  are  considered  the  non-overlapping  channels  to  use  in 
802.11  b/g.  If  you  set  it  to  something  in  between  these  three,  you  risk  affecting  normal 
operations  of  your  network  and  those  of  your  neighbors. 


My  wireless  connection  drops  whenever  my  neighbor 

turns  on  his  wireless  network.  To  recover  from  this,  I  need  to  shut  the 
power  off  to  my  compute r,  then  turn  it  back  on.  When  I  check  the  con¬ 
figuration  of  my  wireless  board,  it  looks  like  my  connection  has  lost  its 
pass-phrase  for  the  Wi-Fi  Protected  Access-Temporal  Key  Integrity 
Protocol  setting?  Any  suggestions?  —  Joseph,  Charlotte,  N.C. 

Dan  Simone,  Trapeze  Networks:  A  possible  culprit  is  that  you  and  your  neighbor  are 
using  the  same  default  Service  Set  Identifier  (SSID)  name  and  channel,  so  whenever 
your  neighbor  turns  his  network  on,  your  wireless  client  attempts  to  associate  with 
his  access  point  and  fails.  First,  make  sure  you've  changed  the  default  SSID  and 
channel  on  your  own  access  point.  If  it’s  802.11b,  pick  a  channel  (choose  1, 6  or  11)  that 
is  the  farthest  away  from  your  neighbor’s.  By  assigning  a  unique  name  to  your  access 
point  and  listing  that  SSID  as  a  preferred  one,  your  client  should  stay  associated  with 
your  home  network. 

Other  possibilities  include  the  WLAN  network  interface  card  or  its  drivers.  Because 
Wi-Fi  Protected  Access  is  relatively  new,  make  sure  your  access  point  and  your  client 
are  running  the  latest  drivers  (and  getting  your  neighbor  to  do  the  same  is  always 
good,  too). 
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The  leader  in  IT  value 


An  invisible  fence  to  keep  attack  dogs  away  from  your  WLAN. 

Newbury  Networks’ 

WiFi  Watchdog 


■  BY  TOM  HENDERSON,  NETWORK  WORLD  LAB  ALLIANCE 


One  of  the  biggest  Wi-Fi  security  fears  for  network 
professionals  is  the  “van  in  the  parking  lot”  scenario,  in 
which  an  intruder  breaks  into  the  network  from  out¬ 


side  the  company’s  walls. 

Newbury  Networks  tackles  this  prob¬ 
lem  with  WiFi  Watchdog,  which  uses 
location-based  technology  to  let  admin¬ 
istrators  set  up  physical  borders  for  the 
wireless  LAN  (WLAN).  If  a  user  is  inside 
the  “border,”  connections  are  allowed. 
Anywhere  outside  the  network,  connec¬ 
tions  are  denied,  even  if  the  wireless  sig¬ 
nal  is  present.  The  system  also  detects 
rogue  access  points  and  has  other  secu- 


Results 


OVERALL  RATING 


WiFi  Watchdog 


Company:  Newbury  Networks 
Price:  Network  base  license:  $9,995; 
LocalePoints:  $1,000  for  four 
LocalePoints;  Annual  support 
/maintenance:  $2,500  Total  for  pilot/ 
departmental/minimum  system: 
$14,995.  Enterprise  system  license: 
$39,995;  LocalePoints:  $12,500  for  50 
LocalePoints;  Annual  support/ 
maintenance:  $10,500;  Total  for 
enterprise  system:  $62,995.  Pro: 
Excellent  location-based  authentication 
and  overlay  for  802.11b/g  networks. 
Cons:  Doesn’t  include  access 
points/access-point  cost(s);  a  few  bugs, 
intricate  installation;  no  802.11a. 


The  breakdown 


Installation  25  ■ 


Admin/Management 


Security 


Oocumentation/Support  3.5 

TOTAL  SCORE  4.13 


rity  features  to  help  protect  the  WLAN. 

We  recently  tested  the  WiFi  Watchdog 
system  and  found  that  while  it  has  an 
arduous  installation  process,  it  even¬ 
tually  pays  off  with  very  good  results. 
WiFi  Watchdog  won’t  replace  wireline 
security  or  other  network  defenses,  but 
it  can  be  a  good  component  as  part  of  a 
secure  wireless  network.  WiFi  Watchdog 
overlays  existing  and  compatible 
(meaning  access  points  must  be  on  its 
long  approved  list)  WLAN  infrastruc¬ 
ture.  It  doesn’t  optimize  infrastructure  in 
the  way  that  homogeneous  switched  or 
other  types  of  WLAN  equipment  does. 
Rather,  it’s  an  authenticator/de-authenti- 
cator  with  strong  location-based  smarts. 

How  the  system  works 

WiFi  Watchdog  is  a  system  of  passive 
sensors  that  use  patented  methods  to 
locate  wireless  802. 1  lb/g  users  inside  an 
administrator-defined  physical  geogra¬ 
phy  Watchdog  is  used  as  an  overlay  to  an 
existing  Wi-Fi  network  that  has  access 
points  that  can  authenticate  through  the 
RADIUS  protocol. 

Users  within  the  physical  Watchdog 
boundaries  are  authenticated  through  a 
Newbury-provided  RADIUS  server  and 
RADIUS-compatible  access  points.  An 
administrative  system  (a  dedicated  Win¬ 
dows  2000/XP  PC  is  suggested)  tracks 
user  location  and  allows  authentication 
via  RADIUS  following  a  procedure  that 
the  Watchdog  application  manages. 

Watchdog  sensors  (called  Locale- 
Fbints)  are  passive  802.11  access  points 
that  add  to  the  intelligence  that  physical 
training  gains  —  you  need  to  “walk  the 
dog”  around  the  perimeters  of  an  instal¬ 
lation  so  the  sensors  become  familiar 
with  the  geometry  of  the  wireless  layout. 
The  LocalePoints  then  triangulate  clients 
and  access  points,  establish  a  relative 


location,  and  match  the  location  against 
a  database  to  continue  authentication  or 
remove  it.  In  practical  use,  physical  loca¬ 
tion  tracking  will  prevent  a  number  of 
common  attacks,  but  it  cannot  protect 
against  wireline  attacks.  Additionally,  the 
Watchdog  system  currently  only  sup¬ 
ports  802.1  lb/g  systems,  although 
802.11a  monitoring  might  be  added 
soon,  Newbury  says. 

Dancing  through  installation 

The  location-training  process  requires 
walking  around  with  a  working  Wi-Fi 
device  and  pirouetting  (making  a  360- 
degree  rotation)  so  the  LocalePoints 
can  learn  specific  location  characteris¬ 
tics.  A  large  sampling  is  not  necessary; 
just  enough  to  establish  boundaries, 
including  ingress/egress  points  and 
other  boundaries  where  Watchdog  can 
draw  “authentication  lines.”  This  infor¬ 
mation  is  used  to  plot  user  movements 
and  rogue  detection  points  on  a  user- 
defined  layout  map. 

Before  you  do  this,  though,  there  is  soft¬ 
ware  installation  to  overcome. 

We  found  that  Watchdog  needs 
to  be  installed  on  an  otherwise 
pristine  platform,  because  it  re 
quired  very  specific  versions  of 
MySQL  and  Sun’s  Java  software 
developers  kit.  The  wide  com¬ 
patibility  of  these  two  prod¬ 
ucts  lets  these  devices  be 
installed  on  a  number  of 
platforms,  including  Win¬ 
dows  2000  and  above  (we 
used  XP),  Linux  2.4  and 
above  (we  used  2.4.7),  and 
Sun  Solaris  (we  didn’t  try 
Solaris  or  Mac  OS/X  10.3). 

The  LocalePoints  are  highly  modified 
Cisco/Linksys  access  points,  initially  con¬ 
figured  on  the  same  logical  IP  subnet  as 
the  WiFi  Watchdog  Management  AP  — 
and  the  MySQL-Java  SDK  combination. 

We  had  difficulty  configuring  the 
LocalePoints  with  the  Watchdog-bundled 
Windows-based  SensorManager.  Part  of 
the  application  should  update  the 
LocaleRoint  with  its  IP  information  and 


WLAN  scanning  information,  and  we 
found  that  at  times  it  didn’t. 

After  the  LocalePoints  are  discovered 
and  configured,  the  Watchdog  Web- 
based  application  manages  wireless 
devices,  users  and  the  like.  The  applica¬ 
tion  runs  as  a  service  on  Windows  and 
has  an  “.initrc-launched”  application  on 
Linux,  both  with  MySQL 

Watchdog  defines  physical  geography 
as  Zones  that  contain  Locales  and  areas 
are  either  inside  or  outside  a  Locale.The 
sequence  of  events  required  to  get  good 
location  data  mandates  that  Locales  are 
defined,  installed  as  Zones  within  an  on¬ 
screen,  two-dimensional  layout. 

Signatures  or  measurements  between 
two  locales  are  taken,  and  physical  walk¬ 
about  is  required  with  a  Watchdog  fea¬ 
ture  called  the  Predictor.  Signatures  then 
are  bound  to  the  locales.  Measurements 
also  are  taken  at  transition  points  be¬ 
tween  locales,  so  the  inside/outside  sig¬ 
natures  can  be  determined. 

Once  the  setup  is  complete,  there’s  the 
matter  of  taking  discovered  devices  and 
putting  them  into  groups  for  administra¬ 
tive  purposes.  Watchdog  does  not  inte¬ 
grate  with  directory  services,  so  users 
and  group  information  must  either  be 
imported  or  entered  manually 

The  bite  of  Watchdog 

We  tried  to  attack  the 
Watchdog  system  in  two 
common  ways:  testing  its 
location-based  authenti¬ 
cation  system  and  try¬ 
ing  common  spoof¬ 
ing/cracking  attempts. 
Location-based  auth¬ 
entication  in  both  test¬ 
ing  layouts  was  strong.  When  we  went  out 
the  door,  it  took  from  a  few  to  20  seconds 
before  Watchdog  would  cut  us  off.  We 
took  20  measurements  to  train  Watchdog 
where  inside  and  outside  were,  and  paid 
special  attention  to  common  demarca¬ 
tion  points  —  doorways  — and  we  were 
rewarded  with  consistent  service. 

We  also  made  signatures  at  various 
See  Watchdog,  page  66 
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Monitor  application  performance  from  every  angle — from  the  end-user  perspective  and  back  through 
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Watchdog 

continued  from  page  64 

points  outside  the  layout  perimeter  and 
thwarted  the  “van  in  the  parking  lot”  spoof. 
Indeed,  we  found  that  if  we  went  upstairs 
and  downstairs  from  our  two  layouts  and 
made  signatures  there,  we  could  prevent 


unauthorized  logons.This  means  that  high- 
density  Wi-Fi  environments  can  be  protect¬ 
ed  in  a  3-D  air  space. 

We  also  tried  man-in-the-middle  attacks 
(attempts  to  hijack  an  existing  association 
to  an  access  point  by  using  a  client)  using 
spoofed  media  access  control  addresses 
and  “stolen”  Wired  Equivalent  Privacy  keys. 


This  ain’t  your  father's 
phone  system. 


Again,  location-based  and  signature  infor¬ 
mation  was  used  to  authorize  the  correct 
device.  Ad  hoc  mode  devices  also  could  be 
readily  identified,  and  once  again  alarms 
were  sent  correctly 

It  was  possible  to  forge  access-point  cre¬ 
dentials,  shut  off  an  access  point  and  sub¬ 
stitute  it  with  a  like-model  access  point,  an 
event  that  properly  generated  an  alarm  no 
matter  how  fast  we  switched  in  the  substi¬ 
tute  access  point. This  disappearance  from 
the  radar  could  let  an  intruder  substitute 
equipment  that  might  enable  a  wireline 
connection  (such  as  an  Ethernet  port  on  a 
wireless  router).  Wireless  connection 
attempts  through  the  forged  access  point 
still  would  be  detected  and  not  authenti¬ 
cated  through  RADIUS,  however.  Because 
WiFi  Watchdog  doesn’t  cover  wireline 
access  (although  it  certainly  can  be  con¬ 
trolled  in  other  ways), such  breaches  could 
open  uncontrolled,  albeit  wireline,  access. 
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The  MX250 provides  businesses  with  the  best 
productivity  tool  of  all — anytime,  anywhere  access. 
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Zultys  Technologies 

771  Vaqueros  Avenue 
Sunnyvale,  CA  94085 
USA 

Tel: +1-408-328-0450 
Fax:+1-408-328-0451 
Email:  2ultys@2ultys.com 


Downsides 

The  test  LocaleFbints  that  Newbury  sent 
us  weren’t  quite  finished,  but  were  usable. 
The  default  system  configuration  permits 
the  LocalePoints  to  probe  the  network  that 
it’s  on  by  sending  port  probes  to  the  wire- 
line  broadcast  addresses.  This  will  set  off 
intruder  alarms  as  the  probes  look  to  intru¬ 
sion-detection  systems  and  firewall  applica¬ 
tions  as  various  kinds  of  Trojan  attacks.This 
feature  fortunately  can  be  turned  off. 

The  SNMP  traps  Watchdog  sends  also 
must  use  the  SNMP  community  name  pub¬ 
lic,  despite  user  SNMP  community  name 
entry  options.  As  the  use  of  the  SNMP  com¬ 
munity  name  “public”  has  known  security 
problems,  this  is  a  moderate  security  flaw 
for  a  product  otherwise  strongly  focused 
on  security 

Finally  Watchdog  takes  a  good  deal  of 
threading  into  an  installation  to  become 
useful.  The  target  user  will  be  someone 
familiar  with  several  facets  of  system 
administration,  and  you’ll  need  a  mid-level 
technical  staffer  to  sew  together  everything. 

But  when  sewn  correctly,  Watchdog 
should  prove  difficult  to  defeat.The  correct 
infrastructure  is  requited  to  make  it  work, 
and  the  Watchdog  must  be  trained  and  set 
up  correctly  The  payoff  comes  when  you 
walk  out  a  door  and  watch  your  FTP  ses¬ 
sion  cut  off  in  midstream  as  you  become 
de-authenticated.Our  unscientific  location- 
based  accuracy  testing  found  that  Watch¬ 
dog  is  accurate  to  about  5  feet. 

Henderson  is  principal  researcher  and 
managing  director  of  ExtremeLabs  of  In¬ 
dianapolis.  He  can  be  reached  at  thenderson 
@extremelabs.  com. 
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NetScreen 


Complete  network 


NetScreen,  the  company  protecting  many  of  the  world’s  largest 

enterprises,  now  has  security  built  to  fit  medium  enterprises. 
^  Our  complete,  single  vendor  solutions  provide  network 
security  that’s  easily  managed.  Reduces  costs.  And  most 
importantly,  gives  your  network  the  iron-clad 
protection  it  needs  from  today’s  frequent  and 

complex  attacks.  Our  unequaled  solutions 
for  large  financial,  government  and 
manufacturing  networks  have  made 
us  the  world’s  fastest  growing  major 
twork  security  company  over  the  last  two  years. 

Now  there’s  no  better  fit  for  your  business. 

. 

Visit  www.netscreen.com/company/ad/iron-clad 
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IPSec  and  SSL  VPN 


Central  Management 


Deep  Inspection  Firewall 


Intrusion  Detection  and  Prevention 


Antivirus 


APC  solves  top  4  rack  problems. 


Solve  your  most  pressing  rack  problems: 

1)  cabling  nightmares  2)  hot  spots  3)  blown 
circuit  breakers  4)  brand  incompatibility. 

The  APC  NetShelter®  VX  lets  you  easily 


respond  to  future  requirements  and  change. 
Plus,  the  NetShelter  VX  comes  with  the 
"Fits  Like  a  Glove"*  money-back  guarantee 
to  ensure  compatibility  with  all  IT  equipment 


Whether  you  need  a  simple  solution  or  are 
thinking  big,  you  can  depend  on  just  one  ven¬ 
dor  of  choice.  Visit  us  today  at  www.apc.com. 
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*"Fits  Like  a  Glove"  guarantees 
that  all  brands  of  EIA-3I0-D 
compliant  equipment  fit  inside. 
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NetShelter®  VX  Enclosures  .(x.--c.lbii£].eili _ 

Next  generation,  high-quality  enclosures 

•  Fully  ventilated  front  and  rear  doors  with  enhanced  ventilation  pattern  maximize  airflow 

•  Overhead,  base  and  side  cable  access  provides  easy,  integrated  cable  management 

•  Rear  Cabling  Channel  (42"deep  versions  only)  allows  for  easy  installation, 
access  and  serviceability  of  both  data  cables  and  power  distribution 

•  Available  in  multiple  configurations:  35.5"  deep,  42”  deep,  beige  or  black 

NetShelter®  Open  Frame  Racksiix  -Lertieiedi L4.-pnst.Qniy].. 


Economical  solutions  for  wiring  closets  and  networking  applications 

•  Designed  to  accommodate  networking  devices  such  as  hubs,  routers  and  switches 

•  Industry  standard  7'  high  design  provides  45U  of  equipment  mounting  space 

•  Self-squaring  design  allows  one-person  assembly 

•  Made  of  high-strength  6061 -T6  structural-grade  aluminum 


Rack  Air  Removal  Un»t  iARU).(x..c£RHFiED) 

Heat  removal  for  enclosures  in  IT  rooms  and  data  center  hot  spots 

.  Enables  up  to  7.5kW  of  power  consumption  in  a  rack,  without  taking  up  U  space 
.  Automatic  fan  speed  adjustment  leads  to  greater  energy  efficiency 
.  Dual-power  input  cords  allow  the  unit  to  attach  to  redundant  power  sources 
.  Ducting  kit  to  drop  ceiling  plenum  allows  higher  temperature  from  equipment 
exhaust  to  be  delivered  directly  to  A/C  return  stream 


Power  Distribution- UQits.tx  cERTJFif  Pi 

Distribute,  monitor,  and  remotely  control  power  in  rack  enclosures 

•  Basic:  Vertically  and  horizontally  mounting  ^ 

with  a  range  of  amps  and  voltages 


•  Metered:  Ability  to  monitor  the  current  draw  and  set  alarm  thresh¬ 
olds  that  when  exceeded,  provide  both  visual  and  audible  alarms 


•  Switched:  Offer  individual  outlet  control,  power  on  and 
off  displays,  current  monitoring,  alarm  thresholds  and 
network  management. 


Environmental  Management  Unit  ix-r,  frtififdi 

Networked  appliance  enables  management  of  a 
wide  range  of  access  and  environmental  conditions 

•  Browser-accessible  111  rack-mountable  appliance 

•  Monitor  third-party  devices  via  8  input  contacts 

•  Control  third-party  devices  via  2  output  relays 

•  Early  warning  notifications  to  appropriate  personnel 


LCD  Monitors  <x  HFRiiFiFm 

111  rackmountable  integrated  LCD,  keyboard  and  mouse 

•  Occupies  only  1U  of  rack  space  compared  to  the  10U 
to  13U  of  space  required  by  a  traditional  CRT  monitor 
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Take  the  APC  Rack  Challenge,  find  out  how  the  new 
NetShelter®  VX  outperforms  your  brand  and  get  a  FREE  T-shirt* 
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Encryption  restrictions 

Regulations  regarding  the  import  and  export  of  encryption  products  affect  buying  decisions  worldwide. 


■  BY  ELLEN  MESSMER 

Encryption  is  subject  to  a  web  of  regulations  around  the  world  because  nations 
view  encryption  as  “dual-use  technology”  that  has  military  and  commercial 
value. To  varying  degrees,  they  set  restrictions  on  import,  export  and  use. 


Network  managers  who  want  to  use  encryption 
methods  for  ensuring  voice  and  data  secrecy 
across  global  operations  must  learn  the  rules  that 
prevail  where  they  intend  to  conduct  business  — 
lest  they  be  in  for  a  rude  surprise  in  countries 
where  encryption  use  is  still  closely  controlled  by 
the  state.  Many  countries  are  tougher  than  the  U.S. 
on  what  they  let  corporations  do. 

“We  have  part  of  our  business  in  Beijing,"  says 
Bernie  Cowens,  vice  president  for  security  ser¬ 
vices  at  encryption  vendor  Rainbow  Technol¬ 
ogies.  “If  you  encrypt  data  in  China,  you  have  to 
provide  the  Chinese  government  the  ability  to 
access  the  keys.  By  this  regulation,  the  Chinese 
should  be  able  to  get  access  to  [Secure  Sockets 
Layer] -encrypted  traffic,  too.” 

The  result  is  that  businesses  —  including 
Rainbow  —  tend  not  to  use  encryption  in  China, 
Cowens  says. 

“Every  country  has  its  own  rules,”  says  David 
Addis, attorney  with  law  firm  Covington  &  Burling 
in  Washington,  D.C.“China  has  restrictions  on  the 
import  and  use  of  encryption,  and  so  do  Russia 
and  Israel." 

Complications  with  China 

Chinese  government  officials  have  had 
an  ongoing  dialogue  about  encryption 
with  foreign  corporations  doing  busi¬ 
ness  there.  According  to  attorneys 
familiar  with  the  matter,  Chinese  offi¬ 
cials  say  the  encryption  restrictions 
are  aimed  at  Chinese  citizens,  not  for¬ 
eign  corporations.  However,  Addis 
says  companies  can  expect  the 
Chinese  government  to  ask  for  details 
about  the  encryption  they’re  using  — 
in  addition  to  requiring  them  to 
appoint  an  “encryption  contact”  who 
will  give  the  government  the  encryp¬ 
tion  keys  when  asked. 

“China  is  the  big  problem  area 
now,”  confirms  Stewart  Baker,  attorney  at  law 
firm  Steptoe  &  Johnson  in  Washington,  D.C. 
“China  really  has  an  enthusiasm  for  regulation 
and  standardization  that  is  unmatched  any¬ 
where  else  in  the  world.” 


Baker  said  it  appears  likely  that  by  June  all  busi¬ 
nesses  in  China  using  wireless  LANs  will  be 
required  to  use  the  Chinese  WLAN  Authentication 
and  Privacy  Infrastructure  (WAP1)  standard  if  they 
want  to  encrypt  WLAN  traffic.  WAPI,  which  has 
become  a  point  of  trade  friction  between  the  U.S. 
and  China,  “seems  to  be  an  effort  to  drive  indus¬ 
trial  policy’  he  says. 

That  has  many  network  vendors  concerned,  par¬ 
ticularly  because  the  Chinese  government  wants 
to  compel  foreign  manufacturers  to  license  the 
WAPI  protocol  technology  from  designated 
Chinese  manufacturers.  That  would  force  foreign 
manufacturers  into  a  new  kind  of  depen¬ 
dency  and  close  contact  with  their  Chinese 
competitors  to  gain  use  of  WAPI. 

“Were  just  going  to  have  to  see  how  this 
turns  out,” said  Jeff  Platon, a  marketing  direc¬ 
tor  for  Cisco  who  tracks  the  U.S.-Chinese 
government  trade  negotiations.  Cisco  sells 
WLAN  equipment  to  the  Chinese  govern¬ 
ment  but  is  not  eager  to  work  closely  with  a 
competitor  such  as  Huawei  Technologies, 
which  is  one  of  the  approximately  dozen 
Chinese  firms  that  will  have  access  to  WAPI. 

Other  areas  of  the  world  also 
remain  problematic  in  terms  of 
encryption  use. 

In  Russia,  the  Federal  Agency  of 
Governmental  Communications 
and  Information  is  the  source  for 
regulations  requiring  users  to  regis¬ 
ter  to  approve  encryption.  In 
Russia,  the  interpretation  of  the 
rules  seem  to  vary  according  to 
which  government  official  you 
contact,  Baker  says. 

Addis  also  says  encryption  regu¬ 
lations  are  often  not  “transparent” 
around  the  world  —  a  polite  way 
to  say  that  governments  might  not 
exactly  spell  things  out  clearly. 

“Rules  are  often  hard  to  find  and  hard  to 
follow,”  says  Bruce  Schneier,  an  encryption 
expert  and  founder  of  managed  security 
provider  Counterpane.  The  underlying  reason, 
he  maintains,  is  “governments  want  people 


More  online! 

Find  out  what  certification  the  U.S. 
government  requires  of  the 
encryption  it  buys. 

DocFinder  1121 


not  to  do  anything.” 

The  international  trade  accord  called  the 
Wassenaar  Arrangement  was  hammered  out  five 
years  ago  by  33  countries  to  clarify  the  commer¬ 
cial  exchange  of  dual-use  goods  and  technolo¬ 
gies,  including  encryption  between  participants. 
While  Wassenaar  is  intended  to  harmonize  export 
rules  by  the  33  participants,  it’s  what  each  nation 
spells  out  in  its  own  rules  that  ultimately  counts. 

Robert  Lane,  vice  president  of  product  manage¬ 
ment  at  AEP  Systems,  a  U.K  maker  of  SSL  VPN  and 
other  encryption-based  products,  says  it’s  getting 
harder  to  export  to  countries  that  aren’t  part  of 
Wassenaar,  where  approval  on  a  case-by-case 
basis  still  might  be  needed. 

Getting  export  licenses  for  customers  in  Malay¬ 
sia  and  the  Middle  East  is  coming  more  slowly  as 
worries  about  terrorism  have  risen  since  the  Sept. 
11  attacks,  Lane  notes.“The  attitude  has  changed 
quite  a  lot  after  9/11.  There’s  been  a  subtle  hard- 
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Stewart  Baker 

Attorney,  Steptoe  &  Johnson 


ening  of  attitudes  to  export  of  crypto,”  he  says. 

The  U.K.  government’s  Department  of  Trade  and 
Industry  tends  to  look  hard  at  certain  types  of 
companies  —  particularly  start-ups  or  online 
gambling  —  that  want  to  use  cryptography.  In 
some  cases,  AEP  won’t  dedicate  resources  to 
apply  for  certain  licenses  because  it’s  clear  they 
won’t  be  approved.  In  general,  AEP  shares  infor¬ 
mation  about  upcoming  products  with  the  gov¬ 
ernment  agency  in  order  to  understand  the 
export  implications  they  might  have. 

In  the  U.S.,the  Commerce  Department’s  Bureau 
of  Industry  and  Security  has  a  list  of  forbidden 
countries  that  includes  Iran,  Cuba  and  Libya, 
where  U.S.  export  of  cryptography  technology  is 
completely  prohibited.“There  are  still  embargoed 
countries,  and  the  list,  now  at  12  countries, 
changes  biannuallyf  says  Neville  Pattinson,  direc¬ 
tor  of  business  and  development  technology  at 
Axalto,  the  Schlumberger  company  that  makes 
smart  cards.  ■ 


Dominion  KX. 
like  being  there 


Raritan's  Dominion™  KX.  Better  KVM  Over  IP. 


Now  you  can  be  everywhere  you  need  to  be.  Instantly.  Because  now  you  can  access,  diagnose  and  monitor  servers  -  even  the  worst 
server  problems  -  in  any  location  in  the  world  without  ever  leaving  your  chair.  With  Raritan's  19  years  of  innovation  in  the  Data 
Center,  you  now  have  the  newest  and  most  dependable  choice  for  an  integrated  KVM  over  IP  switch:  Dominion  KX.  It's  a  plug-and- 
play  appliance.  It's  incredibly  scalable.  It  works  even  when  your  network  is  down.  And  by  encrypting  all  KVM  data,  including  video, 
KX  provides  the  industry's  most  secure  KVM  over  IP  technology.  It’s  the  KVM  option  that  will  make  other  options  obsolete. 


To  schedule  a  test  drive,  call  1-800-724-8090  x925  or  visit  us  at  www.raritan.com/925 
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Command 


The  KX  Digital  KVM  Switch 
is  one  part  of 

RARITAN'S  DOMINION  SERIES 

The  complete  Data  Center 
Management  Solution 
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When  you're  ready  to  take  control. 


Fingerprint  Authentication  Scanner  Enterprise  KVM  Solutions 

AlterPath“Bio  AlterPatlTKVM 


Advanced  Console  Servers 

AlterPath™ACS 


Network  Management  Gateway 

AlterPath™  Manager 


Intelligent  Power  Distribution  Units 

AlterPath'“PM 
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Cyclades'  data  center  management  solutions  offer  a  full  range 
of  security  features  across  its  entire  product  line  of  console  servers, 
power  management,  KVM,  biometric  scanner  and  network  management. 
With  SSH  v2,  IP  Filtering,  strong  authentication,  event  logging  and 
data  logging,  Cyclades  can  make  your  network  into  a  secure 
heavyweight  contender  in  the  data  center  world. 
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For  a  FREE  white  paper  on  data  center  security,  please  visit  us  at  www.cyclades.com/securitywp 


www.cyclades.com/nw 

1.888.cyclades  ■  1.888.292.5233  •  sales@cyclades.com 


cyclades 


Everywhere  with  Linux 


©2004  Cyclades  Corporation.  All  rights  reserved.  All  other  trademarks  and  product  images  are  property  of  their  respective  owners.  Product  information  subject  to  change  without  n 
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SSH  or  Out-Band  Access  to 
Consoles  at  Remote  Locations 


The  SCM-16  Secure  Console  Management  Switch  provides  in-band  and 
out-of-band  access  to  RS232  console  ports  and  maintenance  ports  on  UNIX 
servers,  routers  and  any  other  network  elements  which  have  a  serial  console 
or  craft  port.  System  administrators  can  access  serial  maintenance  ports 
over  the  network  via  SSH  connections  and  simple  menu-driven  commands, 
or  through  a  discrete  TCP  port  connection  mapped  directly  to  one  of  the 
SCM-16  serial  outputs. 


Visit  website  for  complete  NetReach™  product  line. 


Secure  Shell  (SSHv2)  Encryption 
Simultaneous  SSH  or  Telnet 
Non-Connect  Port  Buffering 
SYSLOG  Reporting 
SNMP  Capability 
Any-to-Any  Port  Switching 
IP  Security  Features 
10/100  Base-T  Ethernet  Port 
Port-specific  Password  Protection 
Data  Rate  Conversion 
1 1 5/230VAC  or  -48VDC  Models 


(800)  854-7226  •  www.wti.com 

5  Sterling  •  Irvine  •  California  92618-2517 
(949)  586-9950  •  Fax:  (949)  583-9514 
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A  KVM  switch  allows  single  or  multiple 
workstations  to  have  local  or  remote  access  to 
multiple  computers  located  in  server  rooms  or 
on  the  desktop  regardless  of  their  platforms 
and  operating  systems.  KVM  switches  have 
traditionally  provided  cost  savings  in  reducing 
energy  and  equipment  costs  while  freeing  up 
valuable  real  estate. 

Recognized  as  the  pioneer  of  KVM  switch 
technology,  Rose  Electronics  offers  the 
industry's  most  comprehensive  range  of 
server  management  products  such  as  KVM 
switches,  extenders  and  remote  access 
solutions.  Rose  Electronics  products  are 
known  for  their  quality,  scalability,  ease  of  use 
and  innovative  technology. 

Rose  Electronics  is.  privately  held  with  world- 
headquarters  in  Houston,  Texas  and  sells  its 
.  .  products  worldwide  through  a  large  network  of 
•Resellers  and  Distributors.  Rose  has 
~  operations  in  the  United  Kingdom,  Spain, 
Germany,  Benelux,  Singapore  and  Australia. 


RackVfew™ 

XVM  RACK  DRAWER  WITH  KVM  SWITCH  OPTION 


•  +281  933  7673 
. '.  +.44  (0)  1264  850574 
!*  65  6324  2322 

fA  +617  3388  1540 


SERVERS  WITHIN  YOUR  REACH 
FROM  ANYWHERE 


UltraMatrix  Remote 


REMOTE  MULTIPLE  USER 
KVM  MATRIX  SWITCH 
ACCESS  OVER  IP  OR  LOCALLY 


•  Connects  1,000  computers  to  multiple  user  stations 
over  IP  or  locally 

•  High  quality  video  up  to  1280  x  1024 

•  Scaling,  scrolling,  and  auto-size  features 

•  Secure  encrypted  operation  with  login  and  computer 
access  control 

•  Advanced  visual  interface  (AVI) 

•  No  need  to  power  down  servers  to  install 

•  Free  lifetime  upgrade  of  firmware 

•  Available  in  several  models 

•  Easy  to  expand 

800  333  9343 

WWW.ROSE.COM 


UltraConsole 

PROFESSIONAL  SINGLE-USER 
KVM  SWITCH  SUPPORTS  UP 
TO  1000  COMPUTERS 


Connects  up  to  1000  computers  to  a  KVM  station 
Models  for  4,  8,16  computers 
Advanced  visual  interface  (AVI) 

Compatible  with  Windows,  Linux,  Solaris,  and  other  O/S 
Connects  to  PS/2,  Sun,  USB,  or  serial  devices 
Converts  RS232  serial  to  VGA  and  PS/2  keyboard 
Free  lifetime  upgrade  of  firmware 
Security  features  prevent  unauthorized  access 
Full  emulation  of  keyboard  and  mouse  functions  for  automatic, 
simultaneous  booting 
Easy  to  expand 
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Local  or  Remote  Server  Management  Solutions 
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NETWORK8 

INSTRUMENTS 


One  Network  Complete  Control  Wired  to  Wireless  •  LAN  to  WAN 


OBSERVER 


WA  IS# 

OBSERVER 


OBSERVER 


Custom  Management  Levels 

OBSERVER 

•  Decode  over  500  protocols 

•  Long-term  network  trending  &  analysis 

•  Real-time  statistics 

EXPERT  OBSERVER 

•  What-lf  Modeling  Analysis 

•  Expert  Analysis 

•  Connection  Dynamics 

OBSERVER  SUITE 

•  Complete  SNMP  device  management 

•  Supports  full  RM0N1,  RM0N2,  HCRMON 

•  Web  Publishing  Reports 


Remote  &  Hardware  Options 

REMOTE  NETWORKING  PROBES 

•  Fully  distributed 

•  Monitor  up  to  64  NICs  simultaneously 

•  New  levels  of  problem  solving  collaboration 

GIGABIT  &  WAN  HARDWARE  OPTIONS 

•  Portable  analyzer  systems 

•  Rack-mount  Probes  ready  to  go 

•  Direct,  passive  link  for  independent  views 


US  &  Canada  Toil  free:  (800)  526-5958  •  Fax:  (952)  932-9545  •  UK  &  Europe:  +44  (0)  1959  569880 


Test-drive  the  new  Observer  9  today  and  see  how  it  immediately 
finds  problems  you  didn’t  know  you  had,  optimizes  network  traffic 
and  provides  insight  for  future  planning.  Call  800-526-5958  for 
a  full  featured  evaluation  or  visit  our  website  at 

www.networkinstruments.com/nine 


Introducing  Observer  9 

•  New  Application  Analysis 

•  Remote  probes  now  provide  multi-interface  and 
multi-session  support 

•  Industry-first  4GB  packet  capture  buffer 

•  Wireless  Site  Survey  Modes 

•  Nanosecond  resolution 

•  Now  over  450  Expert  Events 

•  SNMP,  RMON  and  now  HCRMON  support 


www.networkinstruments.com/nine 


©  2004  Network  Instruments,  LLC.  All  rights  reserved.  Observer,  Network  Instruments  and  the 
Network  Instruments  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 


increase  capacity  •  expand  coverage  •  maximize  performance  •  rapid  installation  ■  minimize  cost 


5  reasons  why  more  and  more  companies 
are  jumping  to  Redline  Communications 


Quick  and  simple  to  deploy, 
Redline's  systems  provide  secure 
voice  and  data  connections  that  are 
completely  scalable,  cost  effective, 
and  reliable.  Redline's  technology 
significantly  reduces  recurring 


expenses  on  T1  backhaul  costs  and 
makes  it  simple  to  migrate  to  VoIP 
networks  by  combining  T1  and  IP  alt 
in  one  wireless  link  -  alt  backed  by 
Redline's  leading  OFDM  technolo¬ 
gy  for  robust  connectivity. 


For  more  information  visit  our  website  at 

www.redlinecommunications.com/5_reasons  or  call  us  at  1-866-653-6669 


Redline 

communications 


Production  Tracking  Over  Ethernet 


] 


HDQS00 
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DEH3S300 

HDHBQ0 


Eliminate  your  shop-floor 
PCs  with ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 
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Features  C  Benefits 

•  Interactive  Telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Badge  Reader 

•  Auxiliary  RS-232  Serial  port 

•  Customizable  Data  Collection 
Program  Included 

•  Larger  keyboard  and 
display  sizes  available 

COMPl  TKIIWISL 

Call  1-800-255-3738  or  visit  www.c0mputerwiSB.c9 
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10/100  Basel  Ethernet 

IP  for  HTML,  SNMP  & 
Telnet  Management 


RS-232 

Serial  Management 


SERVER 


Link  Port 
(daisy  chains  to) 

Expansion  Module 


SERVER 


SERVER 


SERVER 


SERVER 


SERVER 


SERVER 


Power  Tower  XL 

•  Outlet  Grouping  across 
power  circuits 

•  Input  Current  Monitor 

•  New  HTML  GUI 

•  Power-up  Sequencing 

•  Zero  U  vertical  and  Rack- 
mount  horizontal  models 

•  Add  a  second  Power  Tower 
to  manage  32  power-ports 


*  Sentry  Power  Tower. 

>  Equipment  Cabinet  Solutions 


Server  Technology,  Inc- 

1040  Sandhill  Drive  Reno,  Nevada  89511  USA 
Web:  www.servert4ch.com  toll  free:  1.800.835.1515 
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SENSAPHONE8 


IMS 


Sends 

SNMP 

Messages 


Monitors 

64 

IP  addresses 


Embedded 

Web 

Server 


Sends 

E-Mail 


Power 

Outage 

Alarming 


Internal 

UPS 


Power 

Control 

Interface 


Internal  Voice, 
Ethernet  Modem 
Port  &  Pager  Port 


8  R|-45  Sensor  Inputs 

(Temperature,  Humidity, 
Water,  Motion,  Power, 
Smoke/fire) 


Microphone 

for  Sound 
Monitoring 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 

•  Optional  camera 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 


Phonetics,  Inc. 

Tel:  877-373-2700 

901  Tryens  Road 

www.ims-4000.com 

Aston,  PA  19014 
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NetOp  Remote  Control 


If  you  think  all  remote  control  and  support  software  packages  are  the 
same  -  try  NetOp  today.  NetOp  Remote  Control  is  faster,  offers  the 
highest  level  of  security  and  has  more  support  features.  Visit  www. 
RemoteControlSW.com  to  take  NetOp  for  a  FREE  test  flight  and  make 
your  remote  access  and  support  really  fly. 


V.  Streamline  &  optimize  your  Help  Desk  operations 
"V  IT  pros  fix  more  problems  -  faster 
Top-rated  remote  access  security 
V.  Works  with  all  your  systems  -  Windows,  Mac  OS  X,  Linux  &  more 
•V  Near  real-time  screen  redraws  -  even  cross-platform 
*V  Advanced  scripting  options  and  file  synchronization 
V.  One-button  hardware  &  software  inventories 
•V  Integrates  well  with  your  system  management  software 

Control  PCs  from  a  desktop,  PocketPC,  Browser  or  USB  Flash  Drive 
V  NEW  -  Added  speed,  RSA  security  support,  multiple  Guests  can  view  a  Host 


NetOp  and  the  red  kite  are  registered  trademarks  of  Danware  Data  A/S.  Other  brand  and  product  names  are  trademarks  of  their  respective  holders.  ©2004  Copyright  Danware  Data  A/S.  All  rights  reserved. 
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Toll  Free  Sales  and  Support:  800.675.0729 
services@CrossTecCorp.com  |  www.CrossTecCorp.com 
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Attention  Resellers! 


SECUREMATICS 

The  Right  decision  for  Security  Products 

Best  Source  for  SONICWAU 
Security  Products! 

LIMITED  TIME  OFFER! 

•  Earn  1  FREE  SonloU  e ‘Training 
Class  for  every  $15K  In  SonlcWALL 
purchases  from  Securematics." 

•  New  SonlcWALL  Resellers  will  receive  1  FREE 
Sonlcll  Electronic  Training  Course  with  purchase 


of  any  Demo  Unit 


•  Some  restriction*  may  apply. 


Call 


Securematics  is  a  SonicWALL  Authorized  Distributor  &  Training  Partner 
To  sign  up  for  the  Medallion  Partner  Program,  please  contact  us. 

888-746-6700  sales@securematics.com  www.securematics.com 
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Save  40-70%  on  Network  Equipm 


Refurbished  Routers,  Switches, 

Access  Servers  and  Modules. 


Trust  .Value  II 

Quality  Parts. Great  Prices 


am  Trust  the  Experts 

Continental 


Call  today  for 
10%  off  1  item  (Up  to  $500) 

*New  customers  only. 


www.  conticomp.  com 
COMPUTERS  sue, U84  Call  us:  (310)  416-1200 
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COBALT 


Tel:  408.727.1122 
Fax:  408.727.8002 

3  4  3  1  DE  LA  CRUZ  BLVD. 
WWW.RECURRENT.COM 
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technologies,  inc. 
SANTA  CLARA,  CA  95D54 
INFQ@RECURRENT.CQM 


FIBER  OPTIC  SOLUTIONS 


•  Tl/El  &  T3/E3  Modems 

•  RS-232/422/485  Modems  and 
Multiplexers 

•  IBM  3270  Coax,  AS400  Twinax,  and 
RS6000  Modems  and  Multiplexers 

•  LAN  -  Arcnet/Ethernet/Token  Ring 

•  Video/Audio/Hubs/Repeaters 

•  I S  0  -  9  0  0 1 


o.i. 


Toll  Free  866  SITech-1 


630-761-3640,  Fax  630-761  3644 
wvrw.sitech-bitdriver.com  or  www.sitechfiber.com 
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THE  NETWORK  SPECIALISTS 
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If  it!)s  on,  the^H  WORLDWIDE  PROVIDER 
network,-  -  -  *  OF  NETWORK 

we’ve  got  iU  /f  HARDWARE 
!  i.  SINCE  1981! 

•  Network  Hardware 
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•  Cables  '*£ 
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•  Accessories 

sales6wrca.net  -  (800)  690-9722  X|M| 


Advertising  Supplement 

IT  Careers  in  Financial  Services 


Tens  of  thousands  of  jobs  were  cut  in  the 
financial  services  sector  over  the  past  three 
years.  But  the  cycle  seems  to  be  changing  as 
new  investments  in  technology  and  an  uptick  in  job 
postings  are  replacing  news  of  layoffs. 


In  two  recent  reports,  Financial  Insights 
and  IDC  noted  increases  in  financial 
services  IT  spending  for  everyone  from  Wall 
Street  to  community  banks.  IDC's  2004 
report,  U.S.  IT  Spending  Forecast  Update 
by  Vertical  Market,  found  that  IT  spending 
in  banking  and  manufacturing  leads  all 
industries  for  the  next  four  years,  the 
combination  of  the  two  accounting  for 
one-third  of  the  $391  billion  to  be  invested 
in  IT. 

Peeling  back  that  investment, 
Financial  Insights  looked  at  the  specifics 
of  IT  in  financial  services  in  three  categories 
-  capital  markets,  corporate  banking  and 
retail  financial  services.  In  the  capital 
markets  category,  Financial  Insights  predicts 
Wall  Street  firms  will  reduce  the  complexity  of  data 
infrastructure  and  invest  in  automated  systems 
for  trading  and  credit  risk  management.  The 
corporate  banking  category  within  financial  services 
is  expected  to  invest  in  profitability  management 
tools,  customer  e-care,  integration  of  legacy 
systems  and  new  models  in  business-to-business 


trade  services.  Retail  financial  services  are 
expected  to  increase  IT  spending  by  about  4.5%  this 
year  to  better  manage  fraud,  credit  risk  and 
international  payment  processing  and  delivery 
systems. 


The  investment  levels  have  to  be  balanced 
with  other  trends.  While  capital  markets  are 
expected  to  reduce  the  number  of  IT  vendors,  reports 
indicate  American  Express  will  continue  to  heavily 
outsource  IT  work  (some  estimates  as  high  as  70%). 
Charles  Schwab/CyberTrade  cut  10,000  jobs  during 
the  down  cycle  but  early  this  month  had  more  than 


100  jobs  posted.  The  corporation  is  looking  for 
information  technology  experts  to  help  them  push 
forward  their  strategy  of  personal  investment 
consulting.  Jobs  ranging  from  business  analysts  to 
programmers  to  application  developers  are 
posted,  along  with  a  plum  job  as  vice 
president  of  Schwab  Investment 
Management  Technology. 

The  Charles  Schwab  story  is  reiterated 
across  the  sector.  The  American  Banking 
Association's  community  banking  division  lists 
information  technology  officers  as  one  of  the 
top  three  most  difficult  slots  to  fill,  alongside 
compliance  and  trust  officers.  According  to 
Heather  McElrath,  ABA  spokeswoman, 
community  banks  are  expanding  physically 
with  new  branches  and  need  to  continuously 
upgrade  their  online  banking  capability  for 
customers  who  want  24  hour  per  day  service. 
Both  require  complex  IT  systems  in  a  niche  of 
financial  services  that  has  been  slowly  building 
capability  over  the  past  four  years. 
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Director  of  Information 
Technology  wanted  to  manage 
information  technology  needs 
for  line  of  business-Business  & 
Industry,  based  in  Downers 
Grove,  IL.  Hrs  are  M-F  9  to  5. 
Must  have  BS  in  Computer 
Science.  Engineering  or  related 
field,  plus  extensive  experience 
including  at  least  3  yrs  exp  in 
position  offered  or  in  a  related 
occupation  such  as  Software 
Consultant  or  Project  Engineer 
for  information  systems  develop¬ 
ment  and  implementation.  Prior 
experience  in  all  of  the  following 
areas  is  required:  Data  Manage¬ 
ment  Tools  (MS  Access,  SQL 
Server,  and  Oracle),  Comp¬ 
uterized  Maintenance  Manage¬ 
ment  Systems  (CMMS), 
Management  Information  Syst¬ 
ems,  Computerized  Numerical 
Control  Machines-Design  & 
Maintenance,  Business  Process 
Re-Engineering,  and  Manage¬ 
ment  Consulting.  Apply  online  at 
www.aramarkcareers.com,  or 
request  application  by  writing  to 
Jackie  Meredith-Batchelor,  P.O. 
Box  8018,  Philadelphia,  PA 
19101-8018. 


Computers  -  Sr.  Technical  Arch¬ 
itects  needed.  Seeking  qual. 
cand.  possessing  MS/BS  or 
equiv.  and/or  rel.  work  exp.  Part 
of  the  exp.  must  include  4  yrs. 
working  with  BaanERP,  Baan 
OpenWorld  &  XML.  Duties 
include:  Design  &  develop  IT 
software  solutions  for  clients  in 
Enterprise  Application  &  Mid¬ 
dleware  implementations;  Work 
with  Baan  ERP,  Baan  Open- 
World,  C++.  Java,  XML,  NET  & 
SAP  connectors.  Fwd.  resume 
&  ref.  to:  e-Emphasys  Tech., 
Attn:  FIR,  2401  Weston  Park¬ 
way,  Suite  101,  Cary,  NC 
27513. 


Seeking  qualified  applicants  for 
the  following  positions  in  Mem¬ 
phis,  TN:  Operations  Research 
Analyst.  Using  operations  re¬ 
search  methods,  analyze  broad 
and  complex  corporate  prob¬ 
lems/projects.  Requirements: 
master's  degree  or  equivalent* 
in  operations  research,  applied 
mathematics,  engineering  or 
other  quantitative  field  plus  1 
year  of  experience  in  systems 
analysis,  engineering,  applied 
mathematics  or  related  field. 
Education  and/or  experience 
must  have  included:  develop¬ 
ment  of  optimization  models; 
development  of  heuristic  algo¬ 
rithms  using  C  and/or  C++;  and 
development  of  statistical  mod¬ 
els  using  Minitab.  *Ph.D.  in 
appropriate  field  will  offset  expe¬ 
rience  requirement.  Submit  res¬ 
umes  to  Michael  Umlauf, 
Federal  Express  Corporation, 
3680  Flacks  Cross  Road,  FI- 
2220,  Memphis,  TN  38125. 
EOE  M/F/D/V. 


Usability  Architect  to  develop 
user-oriented  interfaces  based 
on  Cognitive  Ergonomic/FICI 
principles.  Requires  Masters 
degree  with  focus  in  FICI,  plus  2 
yrs.  experience  as  Usability 
Engineer  involving  computer 
software  development  including 
cognitive  task  analysis,  usability 
testing,  heuristic  evaluation,  in¬ 
ferential  statistical  analysis, 
advanced  web  technology 
(AS400,  HTML.  Webserver  and 
computerized  graphics  design) 
and  Yield  Management  princi¬ 
ples.  Send  resume  to  isiobs@ 
erac.com  and  reference  the 
Usability  Architect  job  title  and 
code:  JMVL  in  the  subject  line 
of  your  email  or  mail  to  IS 
Recruiting,  Attn:  JMVL,  Craw¬ 
ford  Group,  600  Corporate  Park 
Dr.,  St.  Louis,  MO  63105. 


Data  Communications  Analyst 

Resolve  all  daily  data  commu- 
nics  &  oper  probs  for  all  comp 
systems  users  in  Ig  pkng  dev't  & 
mgmt  co.  Use  existing  s/ware  & 
h/ware  or  upgrade  when  neces¬ 
sary,  to  max'ize  effic.  workflow  & 
increase  productivity  by  users. 
Research  &  implement  means 
by  w/c  comp  systems  may  be 
max'ized  in  the  promo  of  co's 
mktg  &  advertising  efforts. 
Inspect  all  communics  wires  & 
cables  to  ensure  effic  opers. 
Test  &  eval  si  &  h/ware  to  deter¬ 
mine  effic.,  reliability,  &  compati¬ 
bility  w  /  existing  systems. 
Monitor  system  perf  &  replace  or 
upgrade  as  necessary  to  ensure 
system  compatibility  w /  HQ.  40 
hrs/wk,  9a-5:30p  $31,000/yr  sal. 
Job  loc'd  in  Miami,  FL.  Bach's 
degree  or  equiv  prefd  in  Comp 
Sci  or  rel  concentration  &  1  yr 
exp.  in  the  job  req’d  or  in  rel 
comp  tech  position.  Verif  refs 
req'd.  Send  resume  to:  AWI, 
PO  Box  10869,  Tallahassee,  FL 
32302.  RE:  JOFL  2484715. 


Software  Engineer  IV:  For  co. 
specializing  in  mktg  &  mnfg  of 
computer  software,  design, 
code,  implement  &  test  complex 
product  enhancements.  Res¬ 
earch  new  feature's  concepts  & 
establish  plans  &  coordinate 
them;  analyze  problems  &  sug¬ 
gest  innovative  solutions;  design 
&  test  plans;  train  &  review 
design  work  of  programmers. 
Req's:  Bachelor’s  degree,  or 
equivalent,  in  Computer  Science 
or  a  related  field.  3  yrs  exp  in  job 
offered  or  3  yrs  software  devel¬ 
opment  exp.  Exp  must  include 
Object-Oriented  programming, 
design  &  analysis.  Exp  can  be 
gained  while  pursuing  degree. 
Proficiency  in  C++,  UNIX 
Scripting,  UML,  Java,  &  SQL 
Server  40hrs/wk.  Send  res.  to 
box  C-4,  P.O.  Box  17182,  Phila, 
PA  19105. 


Computerworld  •  InfoWorld  •  Network  World  •  March  15,2004 


NW0403 1 5E/W/MW  1 


it  careers.com 


IT 


PROGRAMMER  ANALYSTS 
for  Springfield,  IL  office.  De¬ 
sign  &  Develop  software  appli¬ 
cations  using  C++,  Oracle, 
Sybase,  XML,  UML,  Coolgen, 
Interwoven,  ClearCase,  Clear- 
Quest,  ITS,  PVCS,  UNIX. 
Bachelors  req'd  in  Computers, 
Engineering,  Math  or  related 
field  of  study  +2  yrs  of  related 
exp.  40  hrs/wk.  Must  have 
legal  authority  to  work  perma¬ 
nently  in  the  U.S.  Contact  HR 
Manager.  Global  Infotech 
Solutions,  Inc,  826  West 
Laurel,  Suite  1 B, Springfield, 
IL-62704 


PROGRAMMER  ANALYST:  3 
positions  available.  Plan,  devel¬ 
op,  test,  and  document  comput¬ 
er  programs  for  flat  rolled  steel 
production  scheduling  systems, 
sales  order  entry  systems,  auto¬ 
mated  reporting  systems  and 
EAServer  development.  Must 
have  B.S.  or  foreign  equivalent 
in  MIS,  computer  science,  or 
electrical  engineering  and  9 
mos.  exp.  in  job  offered.  40- 
hrs/wk.  8A  to  5P.  Must  have 
authorization  to  work  in  the  U.S. 
on  a  permanent  basis.  Qualified 
applicants  send  resumes  to 
Steel  Dynamics,  Inc.,  Attn:  R. 
Francis,  6714  Pointe  Inverness 
Way,  Ste.  200,  Ft.  Wayne,  IN 
46804 


System  Analyst  needed, 
w/exp  in:  Lotus  Notes 
Domino  Web  application 
using  Lotus  Notes,  Lotus 
Notes  R5.  Java  Script, 
Visual  Basic,  Lotus  Script, 
HTML,  DHTML.  XML,  XSLT 
and  XSL  FO.  Send 
resumes  to:  Netsource 
Communications,  Inc. 
12700  Dupont  Circle, 
Tampa.  FL  33626. 


Programmer  Analysts  for  Peoria, 
IL  office.  Design  &  Develop  soft¬ 
ware  applications  using  Oracle, 
Erwin,  Interwoven,  Coolgen, 
XML,  UML,  C++,  ClearCase, 
PVCS,  UNIX;  Bachelors  reqd  in 
Computers,  Engineering,  Math 
or  any  related  field  of  study  +  2 
yrs  of  related  exp.  40  hrs/wk. 
Must  have  proof  of  legal  author¬ 
ity  to  work  permanently  in  the 
U.S.  Send  resume  to  HR 
Manager,  Redsalsa  Techn¬ 
ologies.  Inc.  14001  ,N.  Dallas, 
Parkway,  #  550  Dallas,  TX 
75240 


IT  Careers 
Wants  You! 

Take  the  hassle  out  of 
job  searching  and 
check  us  out  at 
www.itcareers.com. 
Today,  more  than  ever, 
the  right  skills  fuel  the 
new  economy  and  IT 
Careers  wants  you  to  be 
there.  Check  us  out  at: 
www.itcareers.com 
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[Miami  FL  -  Adjoined  Consulting 

seeks  Principal  and  Sr.  Principal 
Consultants  as  well  as  Man¬ 
agers  with  full  project  cycle 
experience  using  combinations 
of  Oracle,  Business  Objects, 
Cognos,  SAP  and  Peoplesoft  to 
provide  ERP  solutions.  Re¬ 
quires  2  years  of  experience  for 
Principal  Consultant  and  5 
years  of  experience  for  Sr. 
Principal  Consultant  and 
Manager  positions.  For  consid¬ 
eration,  e-mail  your  resume  to 
recruiting@adjoined.com. 


PROGRAMMER  ANALYST 

Plan,  develop,  test,  &  document 
computer  software  for  business 
applications  using  Progress 
4GL,  Progress  RDBMS,  UNIX. 
SQL,  Java  &  JSP  in  WIN  &  UNIX 
environments.  Bachelor's  de¬ 
gree  or  equivalent  in  Comp  Sci, 
Comp  Engg  or  Elec  Engg.  2  yrs 
work  exp.  40  hrs/wk,  8am- 
4:30pm.  Send  resume  to: 

HR  Dept.,  Integrated  Systems 
&  Services  Group 
Overlook  Towers 
150  Clove  Rd. 

Little  Falls,  NJ  07424 


Internet  Dvlpr.  /Graphics  Artist  to 
design  art  &  layouts  for  visuals  w/ 
print  &  elec,  media.  Use  Adobe 
lllust.,  Photoshop,  Acrobat, 
Quark  X-Press  &  MS  products 
for  graphics,  logo  &  web  site 
design.  Use  HTML,  PHP  & 
JavaScript  in  web  page  design. 
Design  &  maintain  internal 
Intranet  web  sites.  Copy  writing 
for  web  page  &  newsletter  arti¬ 
cles,  corporate  events,  mes¬ 
sages  &  proj.  summaries.  De¬ 
velop  animation  &  other  multime¬ 
dia  tech,  using  Adobe  Premiere, 
Macromedia  Director  &  Flash. 
Bachelor's  in  Graphics  Arts  +  2 
yrs.  exp.  in  job  duties.  Comp, 
salary  at  prev.  wages.  Apply: 
OSI,  4005  Windward  Plaza,  # 
550,  Alpharetta,  GA  30005  + 
proof  of  perm.  Work  authzn. 


Prog/Analysts  to  analyze,  de¬ 
sign,  implement  appls  using 
OOAD,  C,  C++,  VC++,  VB, 
Oracle,  HTML,  SQL  Server,  GUI 
tools,  ASP,  VBScript,  Crystal 
Reports  under  Windows,  UNIX 
&  Sun  Solaris  (or)  C,  C++, 
VC++,  Socket  Programming, 
Shell  Scripting,  TCP/IP,  Ration¬ 
al  Rose,  Clear  Case,  etc.  under 
Windows,  Unix  and  VxWorks; 
perform  testing,  debugging, 
documentation  of  appls:  main¬ 
tain  and  support  existing  appls. 
Require:  B.S.  or  foreign  equiv. 
in  CS/Engg.  (any  branch)  &  2 
yrs  exp.  in  IT.  Travel  involved. 
F/T.  Comp,  salary.  Resumes  to: 
HR,  Ciphertrust,  Inc.,  4800 
North  Point  Parkway,  Ste  400, 
Alpharetta,  GA  30022. 


PROGRAMMER  ANALYST  / 
SOFTWARE  ENGINEER-  Cyber 
Technology  Group,  Portland, 
Maine  needs  experienced  s/w 
professionals  with  experience  in 
object  oriented  and  distributed 
systems,  developing  software 
applications  using  Java  /J2EE 
(Weblogic),  C++.  XML/XSLT, 
TCP/IP,  Oracle,  common  design 
patterns,  UML,  RUP  and  Model 
Driven  Architecture.  Knowledge 
of  collaborative  systems  and 
mobile  code  is  a  plus.  Please 
email  your  resume  to 
hr@cybertechgroup.com  or  mail 
to  CTG  480  Congress  Street, 
Ground  Floor,  Portland,  ME 
04101. 


Wednesday,  April  28 
6-8  p.m. 

American  Management  Association 
1601  Broadway,  8th  Floor 
(at  48th  Street) 


Master  of  Science  in  Systems  Administration 

Advance  in  today’s  rapidly  growing  world  of  technology  with  a  Master’s  in  Systems  Administration  from  NYU.  This 
powerful  new  program  provides  students  with  the  skills  they  need  to  implement,  manage,  and  troubleshoot  today’s  most 
complex  network  and  systems  environments.  The  degree  focuses  on  translating  business  objectives  into  specific  system 
requirements,  ensuring  a  high  level  of  security,  and  understanding  the  needs  of  application  programmers  and  users. 

Sophisticated  technological  systems  are  at  the  core  of  the  way  all  businesses  are  run  today.  Our  challenging  curriculum 
and  faculty  of  industry  leaders  make  certain  that  graduate  candidates  earn  the  skills  and  gain  the  knowledge  to  become 
top  quality  systems  administrators,  and  form  networks  that  will  provide  important  professional  contacts. 

A  Master’s  degree  from  NYU  -  a  tradition  of  innovation  and  excellence 

1-888-998-7204,  ext.532 
www.scps.nyu.edu/532 

New  York  University  is  an  affirmative  action/equal  opportunity'  institution.  ©2004  New  York  University  School  of  Continuing  and  Professional  Studies 


www.itcareers.com 
Where  The  Best  Get  Better! 


Newark 

(NJIVERSHY 

J  A  PRIVATE  UNIVERSITY  IN  THE  PUBLIC  SERVICE 

School  of  Continuing  and 
Professional  Studies 


Information  Sessions: 

Please  call  the  number  below 
to  RSVP. 


Wednesday,  March  24 
6-8  p.m. 

American  Management  Association 
1601  Broadway,  8th  Floor 
(at  48th  Street) 
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A  Call 
To  Action! 

Take  the  hassle  out  of 
searching  for  the  right 
candidate  and  contact  us 
at  (800)  762-2977. 

We  can  place  your 
message  in  front  of  2/3  of 
all  US  IT  professionals. 

Call  (800)  762-2977 
www.itcareers.com 


Software  Developer  to  analyze, 
design,  develop  appis  including 
IP  appis  using  ASP,  ASP.NET, 
VB.NET.  HTML,  Java,  Java¬ 
Script,  VC++  ,  VB,  COM,  Oracle 
9i,  PL/SQL,  XML,  XPATH.  XML- 
DOM,  WEBDav,  IIS  5.0,  SOAP 
etc;  develop  data  aware  security 
model  using  Oracle  XML  DB 
running  Java  External  Routines 
on  Oracle  9i  in  conformance 
with  XACML  1.0  standards;  write 
components  for  establishing 
asynchronous  data  transfer  us¬ 
ing  MSMQ;  co-ordinate  with  off¬ 
shore  development  team  and 
provide  end  user  training.  Re¬ 
quire  a  B.S.  or  foreign  equiv  in 
CS/Engg  (any  branch)  with  3  yrs 
exp  in  IT.  High  salary.  F/T.  Travel 
involved.  Resume  to  HR,  Triton 
Information  Technologies.  Inc, 
501  Silverside  Road,  Suite  139, 
Wilmington,  DE  19809. 


PROGRAMMER  ANALYST  / 
SOFTWARE  ENGINEERS 
Needed:  Several  Sr.  and  Mid 
Level  positions  available  for 
qualified  candidates  possessing 
MS/BS  &  relevant  work  experi¬ 
ence.  Work  with  COBOL,  JCL, 
VSAM,  DB2,  CICS.  ORACLE, 
JAVA,  SERVLETS,  XML,  EJB, 
C++,  VC++,  SYSTEM  ADMIN, 
DBA's,  SAP,  Seibel,  Peoplesoft 
and  Technical  Recruiters. 
Please  mail  resume  to  Attn:  HR 
Dept.  LanceSoftlnc,  2200  West 
Higgins  Road,  Suite  210  C, 
Hoffman  Estates,  IL-  60195. 


Systems  Analyst.  Responsible 
for  Wholesale  Distribution 
Systems  analysis,  design,  and 
development;  website  design 
and  programming;  computer 
system  support  needs;  and 
research  and  dissemination  of 
information  on  technology 
issues.  Must  have  two  years 
college  in  Comp.  Sci.,  MIS  or 
Business  Tech.,  two  years 
exp.,  and  knowledge  of  PRO¬ 
GRESS  and  UNIX.  Send 
resume  to  MT  Sports,  LLC, 
Attn:  Norm  Pollock,  650 
Carbon  St.,  Billings,  MT 
59102. 


Programmers  &  Software 
Engineers:  Analyze,  design, 
develop  apps.,  in:  (A) 
Vertex,  Goldmine,  Lawson 
Financials,  Oracle/SQL 
Server  2000;  (B):  Oracle 
and  related  tech.,  SAS  & 
related  SAS  tools,  Proc 
Format,  Metadata,  Cognos, 
Dataminer.  Oracle/SAS 
Cert,  preferred.  Attn:  Chet 
Patel,  120  Bluegrass 
Parkway,  Alpharetta,  GA 
30005. 


Software  Engineer:  For  co.  spe¬ 
cializing  in  mktg  &  mnfg  of  com¬ 
puter  s/w,  write/modify  applica¬ 
tions,  programs  &  modules  from 
design  specs;  test,  maintain, 
debug,  update  &  assist  in  estab¬ 
lishing  quality  assurance  plans 
for  programs  &  applications; 
keep  current  w/  evolving  sys 
analysis,  programming  &  data¬ 
base  tech.  Develop  &  test  com¬ 
plex  SQL  stored  procedures, 
view  &  functions;  develop  data 
marts  using  by  MS  Analysis 
Srvs;  provide  on-call  customer 
support.  Req's:  Bachelor's,  or 
completion  of  degree  require¬ 
ments,  in  Comp  Sci,  Info  Sys  or 
a  related  field.  1  yrs  exp  in  job 
offered  or  1  yr  of  programming 
exp.  Exp  must  include  support¬ 
ing  PC's,  mainframe  or  Web- 
based  environments.  Proficien¬ 
cy  in  Oracle,  Java  &  SQL  Server 
40hrs/wk.  Send  res.  to  box  C-5, 
P.O.  Box  1924,  Phila,  PA  19105. 


Material  Management  Analyst 
wanted  by  Danco  (subsidiary  of 
NCH  Corp)  to  handle  manage¬ 
ment  of  import  &  vendor  rela¬ 
tions!,  obsolete  inventory. 
Outsourcing  activities.  Must 
have  minimum  bachelor  in  man¬ 
agement  with  experience. 
Please  apply  at : 
chriscol@nch.com.  EOE.  No  calls. 

Infomerica  is  looking  for  sys¬ 
tem/programmer  analysts,  soft¬ 
ware/project  engineers  &  com¬ 
puter  consultants  working  at  dif¬ 
ferent  sites  (travel  required). 
Candidates  must  have  BS  with 
1-year  exp.  in  IT  fields.  Skills  of 
Oracle.  Informix,  Java  preferred. 
Send  resumes  to: 
info@infomericainc.com  EOE. 


Software  Performance  Engin¬ 
eers,  Boston.  Develop,  plan  & 
execute  performance  tests  for 
bus/financial  s/w,  incl.  integra¬ 
tion,  regression,  load,  &  stress 
on  multi  configs  &  platforms; 
assure  standards  &  scalability; 
training,  cust.  interaction  &  on¬ 
site  trouble-shooting.  Use  J2EE 
mgmnt  s/w,  websphere/DB2  on 
AIX,  Load  Runner,  SILK  Perfor¬ 
mer  &  proficiency  in  config  & 
tuning  multi-tiered  apps.  Reqs: 
MS  eng  or  comp  sci  &  6  yrs  exp 
as  sys  eng  or  analyst,  including 
full  lifecycle  develop.  UNIX. 
Korn  shell,  sed,  awk  &  4  yr.  exp. 
in  PERL,  2  yrs.  XML.  Perm 
workers  only.  Resumes  to:  N. 
Green,  SI,  Inc.  3500  Lenox  Rd. 
Ste.  200  Atlanta  GA  30326. 


Advansoft  (Soft  O  Soft)  is  look¬ 
ing  for  program  or  system  ana¬ 
lysts,  IT  engineers.  Candidate 
must  have  BS  or  equivalent. 
Exp.  in  IT  area  such  as  Oracle, 
Java,  VB,  WebSphere/Weblogic 
etc  is  plus.  Travel  maybe 
required  for  some  position. 
Please  email  resumes  to: 
info@advansoft.com.  EOE 

System  Analyst  or  Software 
Engineers  wanted  by  Mobics,  a 
small  but  stable  company.  Job 
duties  include:  work  on 
Java/Script,  JSP,  Servlets,  Unix, 
Oracle.  Travel  maybe  required. 
Min  qualification  is  BS+exp. 
Competitive  wage  with  full  bene¬ 
fits.  Please  apply  at : 
info@mobics.com.  EOE. 


Senior  Software  Engineer  for 
engg  dsgn  svcs  Co  for  wireless 
telecom  in  Redmond,  WA. 
Responsible  for  reqmts,  dsgn  & 
implmtn  of  embedded  applies  for 
wireless  devices  &  dvlpg  wire¬ 
less  protocol  stacks  or  s/ware 
for  telecommunications  eqpmt. 
Specific  duties  of  position  incl: 
s/ware  dvlpmt  for  telecomm 
industry;  specify  s/ware  reqmts 
using  an  object  oriented  reqmts 
tool  (such  as  UML)  &  dvlpg 
voice  applies  for  mobile  devices; 
dvlp  object  oriented  s/ware  in 
C++  or  Java;  dvlp  embedded 
applic  s/ware  for  Symbian 
Operating  System  (or  other  win¬ 
dowing  envrmt  such  as  Win  CE 
or  Palm  OS),  J2ME  &  BREW; 
independently  taking  dvlpmt  pro¬ 
jects  thru  entire  s/ware  dsgn  life¬ 
cycle;  &  provide  tech  supervi¬ 
sion  &  guidance  to  jr.  level 
engrs.  In  carrying  out  duties,  use 
MS  Visual  Studio,  ARM  compiler 
&  linker  toolset,  J2ME  wireless 
toolkit,  Jtag  debugger,  &  Agilent 
8960  wireless  test  set  or  equiv 
eqpmt.  Reqs  Bach  or  equiv  in 
Comp  Sci  or  related  field.  5  yrs 
exp  in  job  offd  or  5  yrs  exp  in 
dvlpg  object  oriented  s/ware  in 
C++  or  Java.  Respond  to  HR 
Mgr,  Job  Code  #SWENG01-IT, 
Elektrobit,  Inc,  11121  Willows  Rd 
NE.  Ste  200,  Redmond,  WA 
98052. 


Multimedia  Web  Developer. 
Consults  w /  design,  technical, 
&  marketing  staff  to  plan  web 
site  dev.  Develops  graphic  & 
technical  architecture  of  web 
sites  including  database 
design  &  user  interface 
design.  Req  Bach.  in 
Advertising  or  Related  Field  & 
1  yr.  of  exp.  in  job  or  1  yr.  of 
exp.  as  a  Graphic  Designer/ 
Visualizer.  Send  Resume: 
Steven  Cohen,  Tempart,  Inc., 
412  SE  13th  St.,  Fort 
Lauderdale,  FL  33316  (job- 
site). 


Senior  Programmers  with  MS  in 
CS  and  min  2  yrs  exp  wanted  in 
Houston.  Must  have  working 
knowledge  of  ASP,  .NET,  J2EE, 
SQL,  XML,  BizTalk  Server  2002, 
WebMethods,  Oracle  Certified 
DBA,  MCSD,  MCDBA,  wireless 
applications.  Resume  to:  E- 
Ceptionist,  Inc.,  2000  Bagby, 
Ste.  5430,  Houston,  TX  77002. 


Banking 

MBNA  America  Bank,  N.A.,  the 
world's  largest  independent  credit 
card  issuer,  is  accepting  applica¬ 
tions  for  several  Analyst  III 
Technical  positions. 

Duties:  This  position  assists  in  the 
support  and  development  of  the 
SQL  Server  Database,  PC  based 
applications,  and  the  manage¬ 
ment  of  related  projects  from  initi¬ 
ation  through  implementation 
Additional  responsibilities  include 
developing  increasingly  complex 
applications  and  queries  to  pro¬ 
vide  information  to  the  desktops  of 
Financial  Analysts;  performing 
technical  analysis  and  research  to 
provide  management  with  deci¬ 
sion-making  information;  provid¬ 
ing  Business  Change  support  in 
the  capacity  of  backup  support  for 
daily  reconciliation,  problem  reso¬ 
lution,  and  impact  analysis;  assist¬ 
ing  in  the  management  of  MS 
SQL  Servers;  ensuring  that 
enabling  technologies  are 
deployed  and  stable  to  meet  pro¬ 
ject  and  sector  needs;  supporting 
mission  critical  applications  devel¬ 
oped  by  the  Information  Delivery 
Team;  performing  problem  solv¬ 
ing/trouble  shooting  duties;  and 
evaluating  new  technology  and 
software  for  financial  sector  use. 
Finally,  this  position  provides  pro¬ 
ject  management  expertise  by 
functioning  as  a  lead  technical 
analyst  in  the  development  of 
strategic  and  tactical  plans  by 
identifying  project  resources,  and 
by  developing  and  communicating 
status  reports  and  actions  plans  to 
management. 

Requirements:  Bachelors  deg¬ 
ree  in  Computer  Science,  a  relat¬ 
ed  field,  or  the  equivalent  techni¬ 
cal  training.  Must  have  at  least  2 
years  experience  with  Information 
Systems,  system  development 
methodologies,  and  program¬ 
ming.  Experience  with  Visual 
Basic,  Intranet  technologies,  DB2, 
and  SQL  Server  also  required. 

Salary:  $63,  024  per  year 

Hours:  Monday-  Friday  8:00 
a.m.  until  5:00  p.m. 

A  master’s  degree  in  Computer 
Science  or  a  related  field  will  be 
accepted  in  lieu  of  the  experience 
requirement. 

Please  reference  code  number. 
DE203819  and  forward  (2) 
resumes  to: 

Delaware  Department  of  Labor 
Division  of  Employment 
and  Training 
Attention:  Olga  Hungria 
4425  N.  Market  Street, 

P.O.  Box  9828 
Wilmington,  DE  19809-0828 


Sr.  Developer  for  comput¬ 
er  co  in  Larchmont,  NY. 


Must  have  4  yrs  exp  in  all 
aspects  of  s/ware  devel¬ 
opment.  Send  resume  to: 


Timelink,  2635  Boston 


Post  Rd,  Larchmont,  NY 


10538,  attn:  Dale 


IT  Education  &  Training  Directory 


Contact  the  companies  listed  below 
to  help  you  with  your  training  needs! 


-  ■  ■  ■'rri 


To  place  your  ad  please  call  800-762-2977 


IPexpert,  Inc. 

(866)  225-8064 

www.ipexpert.com 

CCIE  (R&S,  SEC,  and  C&S),  CCSP, 

CCNP,  CCNA,  IP  Telephony 


CBT  Nuggets 

(888)  507-6283  &  (541)  284-5522 
www.cbtnuggets.com 
Affordable  training  videos  on  CD 
MCSE,  MCDBA,  MCSD,  CCNA, 
Citrix,  Linux,  A+,  Net  + 
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cities  nationwide  covering 
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also  available  for  customized  on-site  training.  For  complete 
and  immediate  information  on  our  current  seminar  offerings, 
call  a  seminar  representative  at  800-643-4668,  or  go  to 
www.nwfusion.com/seminars.  - 
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database,  semi-structured  e-mail 
and  unstructured  file  data  based 
on  those  rules. 

This  third  area  —  the  ability  to 
move  data  based  on  rules  —  is 
one  that  EMC  still  needs  to  work 
on,  analysts  say 

“EMC  needs  to  have  some  addi¬ 
tional  storage  technologies  that 
tie  together  their  1LM  process, 
almost  a  policy  engine,”  says 
Jamie  Gruener.  a  senior  analyst 
for  The  Yankee  Group.  “Docu- 
mentum  software  will  provide 
some  of  that.” 

Documentum  says  its  software 
is  especially  good  at  classifying 
and  managing  unstructured  data, 
such  as  documents  generated  in 
Microsoft  Word.  Adobe  or  HTML. 
EMC  estimates  that  up  to  80%  of 
data  is  unstructured. 

“We  brought  capabilities  EMC 
did  not  have  before.”  says 
Documentum  CEO  Dave 
De Walt.  “One  is  called  content- 
awareness.  We  have  the  ability  to 
tag  and  track  the  life  cycle  of 
content.  By  tagging  it,  we  can 
determine  how  long  the  article 
will  be  good  for,  who  can  see  it 
and  what  type  of  storage  it 
should  be  saved  on.” 

Documentum’s  Content  Server. 
Document  Control  Manager  and 


other  products  provide  a  reposito¬ 
ry  for  storing,  managing  and 
retrieving  documents,  scanned 
images,  Web  pages  and  reports 
based  on  rules  IT  administrators 
set.  They  also  feature  access  con¬ 
trol  mechanisms,  search,  work- 
flow  and  versioning  so  data  can 
not  only  be  retrieved  quickly  but 
also  categorized  for  movement 
from  one  storage  device  to  anoth¬ 
er.  EMC  says  these  products  will 
remain  as  independent  offerings, 
although  the  company  is  evaluat¬ 
ing  how  best  to  integrate  them 
with  its  management  tools. 

To  address  how  to  handle  the 
20%  of  data  that  is  semi-structured 
and  structured,  EMC  will  point 
customers  to  its  Legato  software, 
such  as  ArchiveXtender,  Disk- 
Xtender,  SANXtender  and  Email- 
Xtender.EMC  also  has  announced 
a  database  archiving  product, 
DatabaseXtender,  from  technol¬ 
ogy  obtained  via  Outerbay 
Technologies. 

The  fifth  level  of  ILM,  Goulden 
says,  is  more  future-oriented. 

“If  we  look  a  year  out,  we  see  an 
environment  where  the  entire 
storage  system  and  the  servers 
attached  to  it  will  be  virtualized,” 
he  says. 

“There  will  be  a  pool  of  re¬ 
sources,  [and  you’ll  be  able  to] 
dial  in  your  service  levels  based 
on  the  need  of  the  applications” 


Doing  it  for  the  margins 

EMC  President  and  CEO  Joseph  Tucci  told 
industry  analysts  in  2002  that  his  goal  was 
for  the  company  to  have  at  least  30%  of  its 
revenue  come  from  software  in  2003.  Sure 
enough,  the  company  did  it. 

In  2003,  software  licenses  and  maintenance 
represented  more  than  31%  of  EMC's  total  rev¬ 
enue  of  $6.2  billion,  contributing  to  a  swing  from 
a  $119  million  loss  in  2002  to  nearly  a  half-billion- 
dollar  profit  in  2003.  Revenue  from  new  acquisi¬ 
tions  Legato  Systems  and  Documentum 
accounted  for  nearly  one-quarter  of  that  soft¬ 
ware  revenue,  according  to  EMC. 

A  big  reason  for  EMC  wanting  to  shift  its  rev¬ 
enue  mix  is  that  software  promises  higher  prof¬ 
it  margins,  whereas  hardware  margins  are 
increasingly  being  squeezed  as  storage  hard¬ 
ware  gets  less  expensive  even  as  it  becomes 
more  powerful.  EMC  doesn’t  break  out  hard¬ 


ware  or  software  margins,  but  says  total  gross 
margins  have  fallen  from  61%  in  2000  to  45.6% 
today.  Given  that  EMC's  revenue  mix  still  is 
weighted  heavily  toward  hardware  sales,  it's 
clear  to  see  that  margins  are  way  off. 

Wall  Street  says  software  such  as  EMC’s  gen¬ 
erally  has  an  80%  to  85%  margin.  That's  where 
software  specialist  Veritas  Software's  gross 
margins  fall,  for  instance. 

"Growing  enterprise  software  exposure 
should  enable  EMC  to  further  augment  growth 
beyond  storage,"  says  Brent  Bracelin,  a  senior 
research  analyst  for  Pacific  Crest  Securities. 
Bracelin  projects  that  EMC  will  have  software 
license  and  maintenance  revenue  of  better  than 
$2.7  billion  this  year,  which  should  make  EMC 
the  world’s  eighth-largest  enterprise-software 
company. 

—  Deni  Connor 


he  adds. 

EMC  is  working  on  software  for 
release  next  year  that  combines 
storage  virtualization  technology 
the  company  has  been  working 
on  with  VMware’s  server  virtual¬ 
ization  technology 

“There  is  networking  virtualiza¬ 
tion,  storage  virtualization,  com¬ 
pute  virtualization,  and  for  the 
customer  to  have  all  that  start 
being  seamless  is  a  great  thing,” 


says  Diane  Greene,  president  and 
CEO  ofVMware. 

VMware’s  products  include 
VirtualCenter.  which  is  a  manage¬ 
ment  interface;  VMotion,  which 
lets  live  servers  be  moved  from 
one  virtual  machine  host  to 
another:  and  ESX  Server,  which 
allows  server  partitioning. 

From  EMC’s  standpoint,  the  top 
level  of  ILM  consists  of  integration 
and  management  services.  Ana- 


Foundry  extends  10G  to  the  edge 


■  BY  PHIL  HOCHMUTH 

Foundry  Networks  this  week  is  scheduled  to 
announce  10G  Ethernet  switches  that  could 
help  companies  eliminate  bottlenecks  be¬ 
tween  the  LAN  core  and  edge,  the  vendor  says. 

Foundry’s  Fastlron  Edge  Switch  (FES)  X- 
Series  switches  are  fixed-configuration  wiring 
closet  boxes  aimed  at  helping  customers  sup¬ 
port  high-bandwidth  applications  to  desktops. 
Each  box  also  features  dual  10G  Ethernet 
uplink  slots,  which  could  be  used  to  connect 
the  switches  directly  to  a  core  switch  and  elim¬ 
inate  the  need  for  a  network  aggregation  or 
distribution  layer  of  switches,  Foundry  says. 

The  FES  X424  and  X448  are  24-  and  48-port 
switches,  respectively  with  all-copper  ports 
that  support  10/1 00/ 1 000M  bit/sec  Ethernet. 
Two  slots  are  included  on  the  front  of  the 
boxes  for  10G  Ethernet  optical  port  inserts. 

The  10G  ports  on  both  FES  X-Series  switches 
use  a  new  type  of  pluggable  fiber-optic  trans¬ 
ceiver  called  10  Gigabit  Small  Form  Factor 
Pluggable  —  XF’P  for  short. These  transceivers 
are  about  half  the  size  of  the  standard  10G  Eth¬ 
ernet  Transceiver  Package  (XENPAK)  plug- 
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gable  modules  used  on  most  10G  gear.  They 
also  consume  less  power  and  cost  less  than 
XENPAK  ports,  Foundry  says. 

Both  switches  include  four  Small  Form 
Factor  Pluggable  fiber-optic  ports,  which  can 
accept  multi-mode  or  single-mode  Gigabit 
Ethernet  over  fiber  connections. 

The  Foundry  X-Series  will  compete  with 
Extreme  Networks’ Summit  400,  a  fixed-config¬ 
uration,  48-port  10/100/1000  switch  with  dual 
10G  uplinks,  which  use  XENPAK  modules.The 
10G  ports  on  Foundry’s  X-Series  switch, starting 
at  about  $7,000,  are  priced  about  $1,000  less 
than  the  price  Extreme  announced  last  month 
at  the  Summit  400  launch.  Extreme  and 
Foundry  are  the  only  enterprise  switch  ven¬ 
dors  to  announce  fixed-configuration  10G 
switches  so  far. 

The  X-Series  switches  come  with  what 
Foundry  calls  basic  Layer  3  features,  which 
include  support  for  Layer  3  quality-of-service 
protocols,  such  as  Differentiated  Services,  and 
security  by  filtering  or  controlling  traffic  via  IP 
addresses. 

A  software  upgrade  can  make  the  box  a  full 
routing  switch,  with  support  for  routing  proto¬ 
cols  such  as  Open  Shortest  Path  First.  These 
features  would  be  used  if  an  X-Series  switch 
were  deployed  as  an  aggregation  box  to  link 
other  lower-speed  wiring  closet  switches. 
Foundry  says.These  features  also  can  be  used 


if  the  switch  is  deployed  in  a  data  center  to 
connect  individual  servers  or  as  a  server  dus¬ 
ter  connectivity  node. 

While  some  high-end  users  might  be  ready 
to  take  advantage  of  the  10G  features  of  the 
FES  X-Series  switches,  most  users  probably 
still  will  deploy  803. 3ad  trunking  to  get  logi¬ 
cal  multiple-Gigabit  throughput,  such  as 
aggregation  switch  uplinks,  or  backbone 
switch  connections. says  Chris  Kozup.an  ana¬ 
lyst  with  Meta  Group. 

At  about  $7,000,  the  10G  Ethernet  ports  on 
the  X-Series  are  a  positive  sign  that  the  tech¬ 
nology  is  becoming  more  affordable.“It’s  a  far 
cry  from  $80,000  per  port,  which  we  saw  when 
[10G  Ethernet]  was  first  introduced”  in  2002. 
Kozup  says. 

The  FES  X424  will  be  available  next  month, 
starting  at  $5,500  for  24  10/100/1000  ports.The 
FES  X448.  with  48  10/100/1000  ports,  is  sched¬ 
uled  to  be  available  in  June  and  start  at  $8,000. 
Adding  a  single  10G  Ethernet  XFP  transceiver 
to  either  switch  will  cost  an  extra  $4,500,  and 
an  additional  $3,000  to  $4,000  for  the  optical 
XFP  plug-in  (depending  on  whether  multi-  or 
single-mode  fiber  is  usedJ.  A  dual-port  trans¬ 
ceiver  also  will  be  available  for  $6, 500. All  XFPs 
and  optical  plug-ins  will  be  shipped  next 
month.  Full  Layer  3  routing  upgrades  for  the 
FES  X424  and  X448  (available  in  June)  will  be 
priced  at  $1,500  and  $2,000,  respectively  ■ 


lysts  speculate  EMC  could  look  to 
acquire  companies  with  exper¬ 
tise  in  this  area. 

“Services  will  be  a  huge  com¬ 
ponent  of  ILM  to  help  customers 
assign  values  to  the  data  and  set 
up  their  data  life-cycle  processes, 
which  is  a  bear  to  do.”  Gruener 
says. 

While  EMC’s  Documentum. 
Legato  and  VMware  deals  have 
been  its  highest-profile  software 
buyouts,  the  company  has 
snapped  up  13  other  software 
vendors  over  the  past  five  years. 
Together,  they  have  moved  EMC 
into  broader-based  competition 
with  companies  such  as  HP  IBM 
and  Veritas  Software. 

“Until  now  they’ve  competed 
with  these  vendors  on  a  set  play¬ 
ing  field  —  the  storage  market,” 
Gruener  says.  Although  this  is 
pretty  risky  for  ‘EMC  classic’  to 
undertake,  the  rewards  could  be 
significant  —  transforming  EMC 
into  more  of  a  data  center  man¬ 
agement  company  that  also  sells 
hardware.” 

Senior  Editor  Jennifer  Mears  con¬ 
tributed  to  this  storv. 
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Caffeine 

continued  from  page  1 

Robinson  resorted  to  Think- 
Geek’s  Shower  Shock  (200  mil¬ 
ligrams  of  caffeine  per  shower 

—  twice  that  of  the  average  cup 
of  coffee)  during  a  near-sleep- 
iess  period  of  working  long 
shifts  at  a  tech  support  center 
and  helping  a  friend  get  a  Web 
site  online.  He’s  still  not  quite 
sure  whether  to  credit  the 
candy  or  the  caffeine  in  the 
soap  for  perking  him  up,  but  his 
attraction  to  caffeine  would 
seem  to  make  him  fit  right  in  to 
the  higfi-tech  industry  once  his 
school  days  are  over. 

While  few  still  drink  Jolt  Cola, 
the  beverage  that  emerged  in 
1986  with  the  slogan  “twice  the 
caffeine”  and  played  a  big  part 
in  the  romanticized  image  of 
developers  pulling  all-night 
codefests.  caffeine  remains  a 
staple  of  many  an  IT  worker’s 
life.  A  quick  scan  of  the  recy¬ 
cling  bin  in  any  office  where 
developers  work  will  likely  turn 
up  more  than  your  average  col¬ 
lection  of  empty  bottles  and 
cups  of  Dr.  Pepper,  Diet  Coke,  the 
‘energy  drink”  Red  Bull, 
Arizona’s  iced  Ginseng  Tea  or 
Starbucks  Frappaccinos.  Not 
only  has  the  range  of  highly  caf- 
feinated  beverages  expanded, 
but  also  a  new  market  of  caf¬ 
feine  “accessories”  has  emerged 

—  from  the  aforementioned 
soap  to  Timmy’s  Torrid  Tonic  hot 
sauce,  which  blends  caffeine 
with  habanero  peppers. 

An  informal  poll  posted  on 
Network  World’s  Fusion  Web  site 
showed  of  50  respondents,  55% 
drink  one  to  four  coffees  or 
sodas  per  day,  32%  drink  four  to 
eight  cups  of  the  beverages 
daily,  8%  drink  a  whopping  nine 
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■  THIS  WEEK’S  QUESTION: 

Which  company  was 
formed  through  the 
merger  of  KVM  switch 
makers  Apex  and  Cybex 
in  2000? 

Stumped?  Get  the  answer  online. 

V:.'>  i  Natwork  World  Fusion  and  enter 
2348  in  the  Search  box. 


3/15/04 


News 


www.nwfusion.com  i 


ISPs  slap  suits  on 
alleged  spammers 


servings  or  more  each  day,  and 
only  4%  don’t  drink  coffee  or 
soda  at  all. 

“We  get  coffee  for  free,  so  all  of 
our  developers  are  hard-core 
coffee  drinkers,”  says  Jason 
Sosinski,  IS  security  administra¬ 
tor  with  ARS  Service  Express,  a 
heating  and  cooling  services 
company  in  Houston. “It  closely 
resembles  mud  most  of  the 
time,  but  it  doesn’t  cost  anything 
so  we ’re  happy?’ 

Amazon.com  CTO  Allan 
Vermeulen  says  the  company 
keeps  coffee  pots  brewing 
around  the  clock  and  has  “pop” 
machines  scattered  about.  Plus, 
being  in  Seattle,  his  team  can 
access  half-a-dozen  coffee 
shops  within  200  feet  of  the 
office.  But  Vermeulen  says  his 
philosophy  is  not  to  rely  too 
much  on  caffeine  to  keep  devel¬ 
opers  going. 

“We  find  giving  our  developers 
really  cool  interesting  work, 
then  letting  them  push  them¬ 
selves  to  do  their  best  is  a  much 
more  effective  way  of  keeping 
them  awake  than  caffeinating 
them.”  he  says.“l  use  caffeine  as 
a  way  to  take  a  break  from  my 
computer,  so  I  can  come  back 
refreshed.” 

In  part,  it’s  the  deadline-driven 
nature  of  writing  code  that  has 
fostered  a  dependency  on  caf¬ 
feine  for  many,  developers  say 
“When  you’re  sitting  in  front  of  a 
computer  screen  you  want 
something  to  drink.  And  after 
long  hours,  a  bit  of  caffeine  can 
get  you  going  again,” says  Rob 
“CmdrTaco"  Malda.  creator  and 
editor  of  Slashdot.org,  a  news 
and  resource  Web  site  for  devel¬ 
opers  and  engineers. 

Even  though  the  computer 
industry  has  matured  and 
product  development  no 
longer  takes  on  the  frenzied 
pace  of  the  1980s  and  ’90s. 
programmers  still  spend  count¬ 
less  hours  in  front  of  their 
screens  trying  to  perfect  their 
code.“Developers  are  a  unique 
breed:  they’re  under  a  lot  of 
time  pressure  to  get  things 
done  and  at  times  are  forced 
to  work  long,  strange  hours. 
They’re  put  in  situations 
where,  in  their  view,  caffeine 
helps,”  says  Scott  Testa,  CEO  of 
intranet  software  company 
Mindbridge,  who  is  also  a 
developer. 

“The  salesforce  generally  can’t 
call  someone  at  3  a.m.  and  sell 
something,  where  as  you  can 
code  anytime,  anywhere,”  he 
says.  According  to  Testa,  devel¬ 
opers  at  Mindbridge  drink 
roughly  four  times  the  caffeine 
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as  other  employees. 

The  caffeine-addicted  image 
also  helps  create  an  air  of  irrev¬ 
erence  toward  corporate  norms 
that  many  developers  embrace 
and  often  get  away  with. “Most 
programmers  are  highly  inde¬ 
pendent  and  highly  intelligent,” 
says  Harry  Weller,  a  partner  with 
venture  capital  firm  New 
Enterprise  Associates.“They’re 
allowed  to  wear  what  they  want, 
do  what  they  want,  and  even 
work  when  they  want,  but  they 
have  to  make  their  deadlines.” 

As  anyone  who  has  experi¬ 
enced  a  caffeine  crash  knows, 
the  substance  also  has  its  down¬ 
side.  Caffeine  stimulates  certain 
neurotransmitters  in  the  brain 
and  increases  production  of 
adrenaline,  which  makes  a  per¬ 
son  more  alert,  says  Dr.  Daniel 
Amen,  a  psychiatrist  and  brain¬ 
imaging  specialist.“It  can 
increase  productivity  in  the 
short  run. The  problem  is  you 
always  pay  for  it . . .  it’s  like  giv¬ 
ing  someone  a  stimulus:  They’ll 
[eventually]  crash,”  he  says.“And 
for  someone  who  is  anxious  or 
obsessive,  the  more  [caffeine] 
they  drink  . . .  they  can  concen¬ 
trate  better  on  the  things  that 
bug  them.” 

Much  like  surgeons,  develop¬ 
ers  tend  to  adopt  tunnel  vision 
when  trying  to  solve  problems, 
says  Dr.  Pamela  Brill,  a  psycholo¬ 
gist  who  has  worked  onsite  at 
technology  companies  to  help 
computer  professionals  change 
behavior  patterns.  'When  you 
get  really  focused  and  have  tun¬ 
nel  vision  associated  with  a 
high  level  of  energy,  you 
become  stupid  from  traveling  at 
such  high  speeds,”  she  says. 

What’s  important  is  that  devel¬ 
opers  walk  the  line  between 
being  energized  by  caffeine  and 
abusing  it,  Brill  adds.“Life  is  not 
one  size  fits  all.  We  each  have 
[our  own]  tolerance  for  certain 
chemicals,  and  caffeine  is  one 
of  them,” she  says.B 


Get  more  information  online. 
DocFinder:  1139 
www.nwfusion.com 


■  BY  GRANT  GROSS 

Four  major  ISPs  last  week  said 
they  are  suing  more  than  220 
alleged  spammers  responsible 
for  sending  out  hundreds  of  mil- 


HP  to  snap 
up  user 
|  mgmt.  firm 

■  BY  DENISE  DUBIE 

| 

|  HP  last  week  announced  plans 
j  to  buy  TruLogica  for  an  undis¬ 
closed  sum  and  fit  its  user-provi- 
I  sioning  software  into  the  Open- 
View  management  portfolio. 

|  TruLogica’s  software  is  designed 
to  automate  the  management  of 
I  user  privileges  across  multiple 
systems.  HP  says  the  technology 
|  will  support  its  utility  computing 
j  architecture.  Adaptive  Enterprise, 
which  integrates  HP’s  hardware. 
I  software  and  services  to  help 
users  quickly  respond  to  chang¬ 
ing  resource  needs.  HP  competi¬ 
tors  Computer  Associates.  IBM, 
Microsoft  and  Sun  have  laid  out 
plans  for  utility  computing. 

I  HP  will  sell  TruLogica’s  software 
separately  to  start,  although  HP 
says  customers  should  expect  to 
see  the  technology  directly  inte¬ 
grated  with  HP  OpenView  Select 
Access,  an  identity  management 
|  software  package,  by  about 
midyear.  ■ 
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lions  of  unsolicited  commercial 
e-mails. 

The  six  lawsuits,  filed  by  AOL, 
EarthLink,  Microsoft  and  Yahoo, 
target  the  worst  spammers  using 
“outlaw  tactics,”  says  Mike 
Callahan,  senior  vice  president 
and  general  counsel  at  Yahoo, 
which  joined  with  the  other  three 
ISPs  about  a  year  ago  to  form  an 
anti-spam  alliance.  The  lawsuits 
are  among  the  first  filed  under  a 
new  U.S.  law  called  CAN-SPAM 
(Controlling  the  Assault  of  Non- 
Solicited  Pornography  and 
Marketing), which  went  into  effect 
in  January 

The  lawsuits  name  just  five  indi- 
|  viduals  and  five  companies,  with 
I  at  least  215  other  defendants  as 
j  unnamed  John  Does.The  compa- 
j  nies  say  they  are  confident  they 
can  use  the  expanded  law- 
enforcement  tools  available 
I  under  CAN-SPAM  to  identify  the 
I  unnamed  defendants  and  shut 
them  down. 

|  The  alleged  spammers  that  the 
i  lawsuits  targeted  include  those 
l  sending  advertisements  for  penis 
|  enlargement  pills,  weight  loss  sup- 
|  plements,  adult-content  Web  sites 
!  and  mortgage  offers,  among 
|  other  products.  The  spam  identi- 
I  fied  in  the  lawsuits  allegedly  vio¬ 
lated  one  or  more  sections  of  the 
I  CAN-SPAM  law.  including  false 
I  “from”  addresses,  no  physical 
I  address  in  the  e-mail  and  no 
option  to  unsubscribe, 
i 

|  Gross  is  a  correspondent  with 
I  IDG  News  Services' Washington, 
DC.  bureau.  . 
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Your  role  is  expanding. 

As  business  infrastructure  moves  to  the  forefront,  your  company 
relies  on  you  to  keep  existing  systems  at  peak  performance  while 
tackling  a  broad  range  of  new  requirements.  Securing  wireless 
networks,  implementing  collaboration  technologies,  improving 
regulatory  compliance,  ensuring  business  continuity — all  while 
doing  more  with  less. 

Enterprise  challenges  demand 
end-to-end  solutions. 

As  networking  and  communications  professionals,  you  need  to 
focus  on  an  end-to-end,  system-wide  approach  when  building 
and  optimizing  your  business  infrastructure: 

»  Security  »  Performance 

»  Wireless  ))  Data  Center  and  Storage 

»  Collaboration  and  VoIP  »  Infrastructure  and  Services 


Visit  INTEROP.com  for  details  and  registration. 

Save  up  to  $200 — Register  by  April  9. 

Use  Priority  Code:  ADAPZ1ND 


Put  it  all  together. 

Only  NetWorld+Interop  brings  you  the  latest  strategies,  techniques 
and  products  for  every  point  in  your  infrastructure — and  shows 
you  how  they  can  add  up  to  an  integrated,  end-to-end  solution 
that  meets  every  requirement  on  your  list. 

Make  the  connection  at  NetWorld+Interop. 

For  17  years,  NetWorld+Interop  has  helped  networking 
professionals  take  their  enterprises  and  their  careers  to  the  next 
level.  At  NetWorld+Interop  Las  Vegas  2004,  you'll  make  the 
industry's  best  ideas  and  latest  technologies  relevant  to  your 
needs,  and  discover  that  even  the  toughest  networking  challenge 
is  all  in  a  day's  work. 
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Hooked  on  the  lowest  bidder 
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h  get  a  grip!  Come  on  guys,  of 
course  I  wasn’t  serious!  How 
could  you  not  have  immedi¬ 
ately  guessed  that  that  was  what  1 
was  doing? 

You  know  I  don’t  think  the  govern¬ 
ment  and  its  agencies  have  a  clue 
about  communications  technology 
so  why  would  I  really  ever  seriously  propose  to 
hand  it  control  of  Microsoft  or  encourage  it  to  leg¬ 
islate  the  design  of  operating  systems  (see  last 
week’s  column  at  www.nwfusion.com,  DocFinder: 
1141)?! 

From  your  letters  it  appears  the  majority  of  us 
(around  60%  so  far)  agree  we  have  a  serious  prob¬ 
lem  on  our  hands.  Not  only  do  we  all  know  that 
our  corporate  operating-system  monoculture  is 
dangerous,  but  most  of  us  also  recognize  that  we 
have  been  willing  participants  in  the  creation  of  it. 

But  let  us  be  clear.  It  wasn’t  that  we  knew  better 
when  we  started  down  this  track,  and  it  wasn’t  that 
we  had  a  lot  of  choice.  But  that  period  of  inno¬ 
cence  collapsed  like  a  cheap  deck  chair. 

There  was  a  time  when  corporate  wisdom  was 
that  no  one  got  fired  for  buying  IBM.  Why?  Because 
you  were  making  a  serious  strategic  decision  when 
you  purchased  or  leased  IBM  equipment  and  the 
company  was  a  serious  business  partner. This  last 


point  was  important  because  IBM  provided  real 
service  and  had  a  track  record  —  the  decision  you 
were  making  had  legs. 

Then  along  came  the  PC  revolution  and  the  LAN 
revolution  and  then  the  Internet,  by  which  time 
Microsoft’s  market  dominance  had  been  consoli¬ 
dated  as  the  company  made  some  smart  moves, 
papered  over  the  cracks  of  its  dumber  moves  and 
did  some  really  aggressive  marketing  while  all  the 
other  vendors  stumbled  or  fell  over  their  own  feet. 

So  today  the  perceived  wisdom  is  no  one  gets 
fired  for  buying  Microsoft  —  the  company  has 
achieved  that  “old  school”  veneer  of  respectability 

But  wait!  Microsoft  did  it  with  cheap  products 
sold  to  mass  markets!  These  weren’t  system  sells  as 
in  the  IBM  mainframe  days  or  even  the  Digital 
minicomputer  days  —  these  were  stack  ‘em  high 
and  sell  ’em  cheap  building  blocks. 

By  the  time  we  started  to  realize  the  conse¬ 
quences  it  was  too  late!  These  weren’t  systems 
products,  particularly  where  networking  was  con¬ 
cerned,  and  they  were  built  from  a  vast  flotilla  of 
proprietary  and  de  facto  standards  that  sprouted 
like  mushrooms.  Using  this  hodgepodge  we  built 
bigger  systems  than  ever! 

We  all  got  hooked  on  cheap  and  easy  PC  operat¬ 
ing  system  products  and  proved  that  we  had  about 
as  much  true  grit  available  to  change  our  habits  as 


a  crack  addict  has  of  turning  down  a  free  dime 
bag. 

And  despite  our  growing  awareness  through  the 
1990s  that  we  were  getting  boxed  in  by  Wintel,it 
wasn’t  until  the  Aughts  that  the  idea  that  this  was 
actually  dangerous  started  to  get  talked  about. 

What  really  got  corporate  attention  was  the  prolif¬ 
eration  of  worms  and  viruses  that  capitalized  on 
Microsoft  software  vulnerabilities.  And  now  that  we 
know  what  Windows  source  code  looks  like  (see 
“We  are  morons,”  DocFinder:  1 142)  it  confirms  our 
suspicion  that  Microsoft  compromised  the  (dare  I 
say)  sanctity  of  the  operating  system  code  for  the 
benefit  of  its  own  applications! 

So  what  we  have  is  a  global  computing  infrastruc¬ 
ture  built  by  the  lowest  bidder  that  for  all  its  sophis¬ 
tication  and  fine  engineering  is  based  on  marketec- 
ture  and  compromises  on  top  of  trade-offs  founded 
on  hacks  and  old,  old  code. 

It  reminds  me  of  that  old  quote  by  astronaut  Alan 
Shepard  (quoted  by  John  Glenn):“I  was  up  there 
looking  around,  and  suddenly  I  realized  I  was  sit¬ 
ting  on  top  of  a  rocket  built  by  the  lowest  bidder’’ 

We  have  only  ourselves  to  blame  and  only  our¬ 
selves  to  look  to  for  a  fix. 

Ever  heard  of  the  Irish  Potato  Famine?  You  will  next 
week  . . .  keep  'em  coming  to  backspin@gibbs.com. 
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News,  insights,  opinions  and  oddities 

By  Paul  McNamara 


They  took  the  whole  site 

Imitation  isn’t  always  the  sincerest 
form  of  flattery:  It  can  be  a  crime  . . . 

and  a  pain  in  the  butt. 

Shults  Dot  Com,  a  Web  site  design  and  hosting  outfit  in  Mission  Viejo,  Calif., 
handles  the  online  needs  of  myriad  small  businesses  and  recreational  groups. 
Among  the  company’s  sites  is  that  of  the  Rochester,  N.Y.,  chapter  of  the 
Sports  Car  Club  of  America,  which  you  can  see  at  www.flr-scca.com. 

As  of  this  writing,  you  also  can  see  almost  exactly  the  same  content  —  page 
for  page,  link  for  link,  right  down  to  a  photo  album  and  contact  info  for  club 
officers  —  at  www.carorcar.com.  But  the  latter  is  an  unauthorized  copycat  site 
about  which  neither  Shults  Dot  Com  nor  the  car  club  had  an  inkling  until  they 
heard  about  it  from  me. 

The  copycat  was  running  a  series  of  banner  ads  —  since  apparently  stopped 

—  over  the  car-club  content  it  did  not  create  and  does  not  own. The  advertisers 

—  a  motley  collection  of  the  sort  one  might  normally  associate  with  spam  — 
presumably  were  compensating  the  Web  site  hijackers  in  some  fashion, 
although  exactly  how  or  how  much  would  be  anyone’s  guess. 

“We  were  not  aware  of  this  happening,”  says  MaryAnne  Curry-Shults  of 
Shults  Dot  Com.  “This  company  is  blatantly  stealing  our  content  without  con¬ 
science  or  consideration  of  the  copyright  infringement.” 

Shults  Dot  Com  late  last  week  was  attempting  to  contact  the  operator  of  the 
rogue  site  and  its  California  ISP  in  an  effort  to  get  the  matter  resolved. 
According  to  the  notoriously  unreliable  Whols  directory,  the  phony  site  is  reg¬ 
istered  to  someone  in  China  (a  few  of  the  links  on  the  thing  appear  to  this 
monolingual  columnist  to  be  written  in  Chinese). 

"As  far  as  legal  action,  we  shall  have  to  see  if  it  really  gets  that  far,”  Curry- 
Shidts  says. 


The  good  news  is  that  it  probably  won't  get  that  far. These  characters  look  to 
be  of  the  hit-and-run  variety,  as  they  first  targeted  another  auto-related  site 
called  Car  Enthusiast,  according  to  the  British  online  news  outlet  silicon.com. 
That  car  site's  owner  apparently  succeeded  in  chasing  off  the  bad  actors  with 
a  few  legal  threats.  My  guess  would  be  that  Shults  Dot  Com  soon  will  be  free 
of  them  as  well. 

“I’m  appalled  at  the  way  some  will  abuse  the  Internet,”  Curry-Shults  says.  “I 
guess  I’m  just  naive  to  the  fact  that  people  will  do  anything  to  ijiake  a  buck  no 
matter  how  unethical.” 

Suing  spammers  is  good  sport,  but . . . 

Headlines  are  sure  to  follow  whenever  corporate  giants  such  as  AOL,  Earth- 
Link,  Microsoft  and  Yahoo  unleash  a  small  pack  of  lawyers  on  a  big  pack  of 
spammers.  You  saw  this  happen  last  week. 

Much  less  certain  is  whether  the  ultimate  goal  —  reducing  overall  levels  of 
spam  —  is  in  any  way  a  realistic  expectation  from  such  an  adventure. 

If  history  is  any  guide,  that  result  is  not  likely.  Lawsuits  against  spammers 
have  been  commonplace  for  years  now,  yet  there  is  precious  little  evidence 
that  they  have  done  anything  to  stem  the  tide. 

The  companies  behind  this  most  recent  crop  of  lawsuits  say  this  time  will  be 
different  in  part  because  they  have  the  nation’s  new  CAN-SPAM  law  at  their 
disposal. 

Anything  that  makes  a  spammer’s  life  miserable  —  and  less  profitable  —  is 
well  worth  a  few  billable  hours. 

But  it  still  strikes  me  as  stomping  cockroaches  with  your  shoe:  Sure,  you’ll 
squish  a  few  of  the  buggers,  but  so  what? 

No  need  to  send  a  card  or  bake  a  cake,  but  I  thought  you  might  want  to  know  that 
my  authorship  of  'Net  Buzz  reached  the  five-year  mark  earlier  this  month.  Time  does 
fly. ...  But  the  address  remains  the  same:  buzz@nww.com. 


COST-CUTTING  SOLUTIONS  FOR  THE 

MOST  CHALLENGING  NETWORKS. 


BECAUSE  IF  WE’D  FAILED  THE  NATION’S 


LARGEST  CARRIERS  AND  IP  PROVIDERS, 
THEY  WOULD’VE  BLAMED  US  BY  NAME. 


IF  YOU  NEED  CREATIVE  CONNECTIVITY  TO  NEW  TECHNOLOGIES,  new  customers  and  new  revenues,  call  the  most  trusted  name 
in  the  industry:  WilTel.  The  same  name  trusted  by  the  world’s  largest  online  auctioneer  and  the  world’s  biggest  football  game. 
WilTel’s  next-gen  genius  is  everything,  or  any  part  of  any  solution  you 
need.  We  Consult.  Design.  Build.  Turn  up.  Manage  and  Maintain.  With 


intelligent  local-to-global  connectivity  across  America’s  largest  next- 
gen  network.  We’re  helping  businesses  built  on  bandwidth  all  around 
the  world  cut  the  cost  of  profitability.  Now,  aren’t  you  glad  you  heard 
of  WilTel? 


WilTel 


COMMUNICATIONS 


Net  Results.  Not  Excuses 
www. wiltel.com 


Call  1.866, WilTel.l 
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The  right  management  should  do  more  than  just  protect. 

It  should  also  enable. 

eTrust"  Security  Management  Software 

In  the  world  of  on-demand  computing,  it's  vital  that  your  IT  environment  be  both  secure  and  accessible.  That's  why  it's  essential  that  you  have 
the  right  security  management  software.  With  eTrust  security  management  software,  you  get  the  very  best  in  access,  identity,  and  threat 
management  all  seamlessly  integrated  with  your  existing  technology.  On  the  one  hand,  you  can  rest  assured,  knowing  that  your  information  is 
safe  from  prying  eyes.  At  the  same  time,  you  don't  have  to  worry  about  partners,  customers  or  employees  being  locked  out  of  areas  that  they 
need  to  access  to  optimize  business.  Best  of  all,  eTrust  can  give  you  a  single  view  of  your  entire  enterprise,  putting  you  in  complete  control.  As 
a  result,  you  can  make  real-time  decisions  based  on  comprehensive  information.  So  if  you're  looking  for  ways  to  minimize  risk  while  maximizing 
your  potential,  or  to  get  a  white  paper,  go  to  ca.com/security.  _ 
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